USB Potentially infected, need to know if I don't need to worry!


  • This topic is locked
12 replies to this topic

#1 Xenon366

  • Members
  • 6 posts

Posted 06 October 2014 - 11:42 AM

I had a USB that I placed in my computer yesterday which had, at first glance, an icon for some "slideshow" thing and a folder, which was then quickly found by MSE and taken off the USB drive. I scanned the USB drive again and there were some hidden files that it took care of:
 
Backdoor:MSIL/Bladabindi.B
Worm:Win32/Gamarue.N and Gamarue.F
 
I took precautions and also downloaded Malwarebytes, which did not find anything, scanned again with MSE, which did not find anything, downloaded Zemana just in case I'm being keylogged, and ran Rkill:
 
Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/06/2014 01:17:27 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\TEMP\irstrtsv\scrncap.exe (PID: 2744) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 10/06/2014 01:17:37 AM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)
 
I don't think that the terminated process was a malicious one since it seems to be an Intel process? TDSSKiller found one service that I also assume is safe, but it was "SuperRAIDSvc ( UnsignedFile.Multi.Generic )" at location C:\MSI\Super RAID\SuperRAIDSvc.exe; it's for my motherboard? Farbar txt files are added in the attachments.
 
I basically want to know if I have any keylogger or anything that I have to be worried about. I took the USB out after I cleaned it, and I'm worried about whether they already took information from me or are still doing it. Thanks for the help!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014
Ran by Moose (administrator) on MOOSE-PC on 06-10-2014 12:07:06
Running from C:\Users\Moose\Downloads
Loaded Profile: Moose (Available profiles: Moose)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\MSI\Super RAID\SuperRAIDSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Akamai Technologies, Inc.) C:\Users\Moose\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Moose\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Zemana Ltd.) C:\Program Files (x86)\AntiLogger\AntiLogger.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-28] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-10] (Intel Corporation)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [506864 2013-03-08] (MSI)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [BCSSync] => D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [AntiLogger] => C:\Program Files (x86)\AntiLogger\AntiLogger.exe [19362728 2014-03-26] (Zemana Ltd.)
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938112 2014-09-23] (Valve Corporation)
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [242688 2013-11-05] (SteelSeries ApS)
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Moose\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\Run: [Google Update] => C:\Users\Moose\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-29] (Google Inc.)
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\MountPoints2: E - E:\SETUP.EXE
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\MountPoints2: {edc8a2c9-1b8b-11e3-9296-806e6f6e6963} - D:\DVDSetup.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE0112AC699AFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Moose\AppData\Roaming\Mozilla\Firefox\Profiles\9y8bbvzs.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Moose\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Moose\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Moose\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Moose\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Moose\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Users\Moose\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Moose\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Moose\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Windows Media Player Extension for Firefox - C:\Users\Moose\AppData\Roaming\Mozilla\Firefox\Profiles\9y8bbvzs.default\Extensions\jid0-nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack [2014-02-09]
FF Extension: FT DeepDark - C:\Users\Moose\AppData\Roaming\Mozilla\Firefox\Profiles\9y8bbvzs.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-09-20]
FF Extension: WOT - C:\Users\Moose\AppData\Roaming\Mozilla\Firefox\Profiles\9y8bbvzs.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Turn Off the Lights - C:\Users\Moose\AppData\Roaming\Mozilla\Firefox\Profiles\9y8bbvzs.default\Extensions\stefanvandamme@stefanvd.net.xpi [2013-09-26]
FF Extension: Black Youtube Theme - C:\Users\Moose\AppData\Roaming\Mozilla\Firefox\Profiles\9y8bbvzs.default\Extensions\{2c93446d-612b-416d-9af0-b7355797b611}.xpi [2013-09-26]
FF Extension: Download Status Bar - C:\Users\Moose\AppData\Roaming\Mozilla\Firefox\Profiles\9y8bbvzs.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-01-23]
FF Extension: Adblock Plus - C:\Users\Moose\AppData\Roaming\Mozilla\Firefox\Profiles\9y8bbvzs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-26]
FF Extension: Download Statusbar - C:\Users\Moose\AppData\Roaming\Mozilla\Firefox\Profiles\9y8bbvzs.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-09-26]

Chrome:
=======
CHR Profile: C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2014-09-19]
CHR Extension: (Google Docs) - C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-12]
CHR Extension: (Google Drive) - C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-12]
CHR Extension: (Adblock Plus) - C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-15]
CHR Extension: (Google Search) - C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-12]
CHR Extension: (Google Wallet) - C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Page Monitor) - C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-03-14]
CHR Extension: (Gmail) - C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; D:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2013-12-19] (Perfect World Entertainment Inc)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [166112 2013-09-05] (Futuremark)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [668984 2013-02-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [30963576 2010-01-21] (Microsoft Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-04-18] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2013-09-26] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [218496 2013-09-26] ()
R2 SuperRAIDSvc; C:\MSI\Super RAID\SuperRAIDSvc.exe [15872 2013-04-03] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-10-06] (Zemana Ltd.)
S3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [43800 2012-12-13] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 NTIOLib_1_0_1; C:\MSI\Super RAID\NTIOLib_X64.sys [14136 2012-06-11] (MSI)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)
S3 sclbl; D:\AeriaGames\ScarletBlade\avital\scarbt64.sys [86352 2014-03-27] ()
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 MFE_RR; \??\C:\Users\Moose\AppData\Local\Temp\mfe_rr.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-06 12:07 - 2014-10-06 12:07 - 00019408 _____ () C:\Users\Moose\Downloads\FRST.txt
2014-10-06 12:06 - 2014-10-06 12:07 - 00000000 ____D () C:\FRST
2014-10-06 12:06 - 2014-10-06 12:06 - 02109952 _____ (Farbar) C:\Users\Moose\Downloads\FRST64.exe
2014-10-06 01:54 - 2014-10-06 01:54 - 29202688 _____ (Zemana Ltd. ) C:\Users\Moose\Downloads\Zemana_AntiLogger_1.9.3.525.exe
2014-10-06 01:54 - 2014-10-06 01:54 - 00049752 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys
2014-10-06 01:54 - 2014-10-06 01:54 - 00000913 _____ () C:\Users\Public\Desktop\AntiLogger.lnk
2014-10-06 01:54 - 2014-10-06 01:54 - 00000000 __HDC () C:\ProgramData\{727C5CC8-3A5E-4517-BA8B-35A93F9B2EBD}
2014-10-06 01:54 - 2014-10-06 01:54 - 00000000 ____D () C:\Users\Moose\AppData\Local\Zemana
2014-10-06 01:54 - 2014-10-06 01:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiLogger
2014-10-06 01:54 - 2014-10-06 01:54 - 00000000 ____D () C:\Program Files (x86)\AntiLogger
2014-10-06 01:17 - 2014-10-06 12:05 - 00002138 _____ () C:\Users\Moose\Desktop\Rkill.txt
2014-10-06 01:17 - 2014-10-06 01:17 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Moose\Downloads\rkill.exe
2014-10-06 00:23 - 2014-10-06 00:23 - 00000000 ____D () C:\Windows\pss
2014-10-05 19:55 - 2014-10-05 19:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Moose\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-05 19:55 - 2014-10-05 19:55 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-05 19:55 - 2014-10-05 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-05 19:55 - 2014-10-05 19:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-05 19:55 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-05 19:55 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-05 19:43 - 2014-10-06 11:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-05 19:43 - 2014-10-05 19:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-05 19:43 - 2014-10-05 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-05 19:43 - 2014-10-05 19:51 - 00000000 ____D () C:\Users\Moose\Desktop\mbar
2014-10-05 19:43 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-05 19:41 - 2014-10-05 19:41 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Moose\Downloads\mbar-1.07.0.1012.exe
2014-10-05 19:41 - 2014-10-05 19:41 - 00783120 _____ (McAfee, Inc.) C:\Users\Moose\Downloads\rootkitremover.exe
2014-10-05 19:41 - 2014-10-05 19:41 - 00000310 _____ () C:\Users\Moose\Downloads\RootkitRemover_20141005_194110.log
2014-10-01 23:20 - 2014-10-03 18:42 - 00000000 ____D () C:\Users\Moose\Desktop\GMUWORK
2014-10-01 16:28 - 2014-10-01 16:28 - 00000000 ___SD () C:\Users\Moose\Documents\My Shapes
2014-10-01 16:25 - 2014-10-01 16:25 - 00000162 _____ () C:\Windows\ODBC.INI
2014-10-01 16:25 - 2014-10-01 16:25 - 00000039 _____ () C:\Windows\vbaddin.ini
2014-10-01 16:25 - 2014-10-01 16:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-10-01 00:52 - 2014-10-01 00:52 - 00000000 ____D () C:\Users\Moose\Documents\WB Games
2014-10-01 00:52 - 2014-10-01 00:52 - 00000000 ____D () C:\Users\Moose\AppData\Roaming\Steam
2014-10-01 00:41 - 2014-10-01 00:41 - 00000752 _____ () C:\Users\Moose\Desktop\Middle Earth Shadow of Mordor.lnk
2014-10-01 00:41 - 2014-10-01 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Middle Earth Shadow of Mordor
2014-09-26 00:41 - 2014-09-26 00:41 - 00441968 _____ () C:\Windows\Minidump\092614-10155-01.dmp
2014-09-26 00:41 - 2014-09-26 00:41 - 00000000 ____D () C:\Windows\Minidump
2014-09-26 00:39 - 2014-10-06 11:48 - 00003280 _____ () C:\Windows\System32\Tasks\Intel® Rapid Start Technology Manager
2014-09-25 14:05 - 2014-09-25 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-25 14:04 - 2014-09-25 14:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-25 14:04 - 2014-09-25 14:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-24 15:07 - 2014-09-24 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-22 18:12 - 2014-09-22 18:12 - 00000000 ____D () C:\Users\Moose\.ss2
2014-09-20 19:53 - 2014-10-04 19:27 - 00000000 ____D () C:\Users\Moose\AppData\Local\join.me
2014-09-20 19:53 - 2014-09-20 19:53 - 00001066 _____ () C:\Users\Moose\Desktop\join.me.lnk
2014-09-20 19:53 - 2014-09-20 19:53 - 00001066 _____ () C:\Users\Moose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-09-20 19:53 - 2014-09-20 19:53 - 00000000 ____D () C:\Users\Moose\AppData\Local\LogMeIn
2014-09-20 19:53 - 2014-09-20 19:53 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-09-15 22:25 - 2014-09-15 22:25 - 00000000 ____D () C:\Users\Moose\Documents\AVS4YOU
2014-09-15 22:24 - 2014-09-15 22:24 - 00000000 ____D () C:\Users\Moose\AppData\Roaming\AVS4YOU
2014-09-15 22:24 - 2014-09-15 22:24 - 00000000 ____D () C:\ProgramData\AVS4YOU
2014-09-15 22:23 - 2014-09-15 22:23 - 00000000 ____D () C:\Users\Moose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2014-09-15 22:23 - 2014-09-15 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2014-09-15 22:23 - 2014-09-15 22:23 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2014-09-15 22:23 - 2011-06-23 13:26 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2014-09-15 22:23 - 2011-06-23 13:25 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2014-09-15 22:20 - 2014-09-15 22:21 - 154363320 _____ (Online Media Technologies Ltd. ) C:\Users\Moose\Downloads\AVSVideoEditor.exe
2014-09-15 19:13 - 2014-09-15 19:13 - 00000598 _____ () C:\Users\Moose\Downloads\Matlab R2014a.rdp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-06 12:03 - 2013-11-13 15:39 - 00004119 _____ () C:\Users\Moose\Desktop\New Text Document.txt
2014-10-06 11:56 - 2009-07-14 01:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-06 11:55 - 2009-07-14 00:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-06 11:55 - 2009-07-14 00:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-06 11:52 - 2013-09-12 04:49 - 01830453 _____ () C:\Windows\WindowsUpdate.log
2014-10-06 11:48 - 2013-09-12 18:22 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-06 11:48 - 2013-09-12 17:30 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-06 11:48 - 2010-11-20 23:47 - 00139348 _____ () C:\Windows\PFRO.log
2014-10-06 11:48 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-06 11:48 - 2009-07-14 00:51 - 00068053 _____ () C:\Windows\setupact.log
2014-10-06 01:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Cursors
2014-10-06 01:36 - 2013-09-12 17:30 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-06 01:33 - 2014-04-23 21:16 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2119550377-2983991064-3718658128-1000UA.job
2014-10-06 00:48 - 2013-10-12 23:00 - 00007620 _____ () C:\Users\Moose\AppData\Local\Resmon.ResmonCfg
2014-10-06 00:44 - 2013-10-03 22:40 - 00000627 _____ () C:\Users\Moose\AppData\Roaming\All CPU MeterV3_Settings.ini
2014-10-04 01:08 - 2014-06-11 18:49 - 00000486 _____ () C:\Users\Moose\Desktop\New Text Document (2).txt
2014-10-02 14:05 - 2009-07-14 00:45 - 00425584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-02 03:13 - 2014-01-30 00:02 - 00000000 ____D () C:\Users\Moose\AppData\Roaming\Azureus
2014-10-01 23:20 - 2014-02-01 20:35 - 00000000 ____D () C:\Users\Moose\Desktop\bindersale
2014-10-01 17:32 - 2013-09-12 17:30 - 00113808 _____ () C:\Users\Moose\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-01 16:26 - 2014-08-31 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-10-01 16:26 - 2014-08-31 23:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-01 16:25 - 2014-08-31 23:08 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-10-01 16:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-28 21:13 - 2014-05-04 20:58 - 00000000 ____D () C:\Users\Moose\AppData\Local\Battle.net
2014-09-28 20:19 - 2013-10-04 03:18 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2014-09-28 20:19 - 2013-10-04 03:18 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-09-25 11:59 - 2013-09-26 00:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-22 18:12 - 2013-09-12 04:48 - 00000000 ____D () C:\Users\Moose
2014-09-22 02:42 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-18 14:42 - 2014-01-21 20:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-15 19:14 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

Files to move or delete:
====================
C:\Users\Moose\jagex_cl_oldschool_LIVE.dat
C:\Users\Moose\jagex_cl_runescape_LIVE.dat
C:\Users\Moose\jagex_cl_speccollect_LIVE.dat
C:\Users\Moose\random.dat


Some content of TEMP:
====================
C:\Users\Moose\AppData\Local\Temp\13-9_win7_win8_64_dd_ccc_whql.exe
C:\Users\Moose\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\Moose\AppData\Local\Temp\devcon64.exe
C:\Users\Moose\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Moose\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Moose\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Moose\AppData\Local\Temp\nsj4677.tmp.exe
C:\Users\Moose\AppData\Local\Temp\ose00000.exe
C:\Users\Moose\AppData\Local\Temp\safeguard.exe
C:\Users\Moose\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Moose\AppData\Local\Temp\SRLDetectionLibrary2871533934146134071.dll
C:\Users\Moose\AppData\Local\Temp\x2blapi.dll
C:\Users\Moose\AppData\Local\Temp\YgoUpdater.exe
C:\Users\Moose\AppData\Local\Temp\_isA119.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 03:21

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014
Ran by Moose at 2014-10-06 12:07:19
Running from C:\Users\Moose\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Age of Mythology: Extended Edition (HKLM-x32\...\QWdlb2ZNeXRob2xvZ3lFeHRlbmRlZEVkaXRpb24=_is1) (Version: 1 - )
AIDA64 Extreme Edition v3.20 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 3.20 - FinalWire Ltd.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1E9871B6-7C44-9A3A-A1C0-F9729663C7F5}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80830.1925 - Advanced Micro Devices, Inc.) Hidden
AntiLogger (HKLM-x32\...\AntiLogger) (Version: - Zemana Ltd.)
AntiLogger (x32 Version: 1.9.3.525 - Zemana Ltd.) Hidden
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
AVS Video Editor 6.5 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.5.1.246 - Online Media Technologies Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BeamNG-Techdemo-0.3 (remove only) (HKCU\...\BeamNG-Techdemo-0.3) (Version: - )
Blood Bowl: Legendary Edition (HKLM-x32\...\Steam App 58520) (Version: - Cyanide Studios)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version: - Criterion Games)
Capsule (HKLM-x32\...\Capsule) (Version: 1.0.000 - Green Man Gaming Limited)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco Unified Presenter Add-in 6x5 (HKCU\...\Cisco Unified Presenter Add-in 6x5) (Version: - )
Cities XL Platinum (HKLM-x32\...\Steam App 231140) (Version: - Focus Home Interactive)
Confrontation (HKLM-x32\...\Steam App 204560) (Version: - Cyanide Studios)
Divinity II: Developer's Cut (HKLM-x32\...\Steam App 219780) (Version: - Larian Studios)
DmC Devil May Cry (HKLM-x32\...\Steam App 220440) (Version: - Ninja Theory)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Dynasty Warriors 8 Xtreme Legends (HKLM-x32\...\Dynasty Warriors 8 Xtreme Legends_is1) (Version: - )
EZ-Builder (HKLM-x32\...\{DC934C13-43C1-4422-B8BA-2005F15D495A}) (Version: 13.12.19 - EZ-Robot Inc.)
F.E.A.R. 3 (HKLM-x32\...\Steam App 21100) (Version: - Day 1 Studios)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{A72D5E68-8168-4B0F-AA78-163FF36F6D66}) (Version: 4.20.168 - Futuremark Corporation)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Garry)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
GRID Autosport (HKLM-x32\...\R1JJREF1dG9zcG9ydA==_is1) (Version: 1 - )
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version: - Adhesive Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hex Workshop v6.7 (HKLM\...\{A47DAFC0-AF57-4462-BD40-B3F02F33CB40}) (Version: 6.7.3.5308 - BreakPoint Software)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1008 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
jGRASP (HKLM-x32\...\jGRASP) (Version: 2.0.0_08 Beta 7 - )
join.me (HKCU\...\JoinMe) (Version: 1.17.0.131 - LogMeIn, Inc.)
Just Cause 2 Demo (HKLM-x32\...\Steam App 35110) (Version: - Avalanche)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Loadout (HKLM-x32\...\Steam App 208090) (Version: - Edge of Reality)
Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Men of War: Assault Squad (HKLM-x32\...\Steam App 64000) (Version: - Digitalmindsoft)
Men of War: Red Tide (HKLM-x32\...\Steam App 3130) (Version: - 1C Company)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6506.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.3.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
Middle Earth Shadow of Mordor (HKLM-x32\...\Middle Earth Shadow of Mordor_is1) (Version: - )
Mortal Kombat Kollection (HKLM-x32\...\Steam App 205350) (Version: - Other Ocean Interactive)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.6 - Black Tree Gaming)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.7 - Power Software Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.989 - Even Balance, Inc.)
RAW - Realms of Ancient War (HKLM-x32\...\Steam App 209730) (Version: - Wizarbox)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
RNX-N180UBE 11n USB Wireless LAN Driver (HKLM-x32\...\{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}) (Version: 1.00.0175 - Rosewill Corp.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version: - 5th Cell Media)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version: - Sega)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2173.3 - Hi-Rez Studios)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.171.34768 - SteelSeries)
Super RAID (HKLM-x32\...\{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1) (Version: 1.0.004 - MSI)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.018 - MSI)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM-x32\...\{FAB9454C-6A8D-4031-9652-8B1B1D561456}) (Version: 6.0.7.0 - Husdawg, LLC)
System Requirements Lab CYRI (HKLM-x32\...\{705216C1-BA52-4B16-AFE4-4143B340D62D}) (Version: 6.0.12.6 - Husdawg, LLC)
TERA (HKCU\...\teraenmasse) (Version: - )
TextMaker Viewer (HKLM-x32\...\TextMaker Viewer) (Version: - SoftMaker Software GmbH)
The Amazing Spider-Man 2 (HKLM-x32\...\VGhlQW1hemluZ1NwaWRlck1hbjI=_is1) (Version: 1 - )
The Lord of the Rings: War in the North (HKLM-x32\...\Steam App 32800) (Version: - Snowblind Studios)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version: - The Creative Assembly)
Ultra Street Fighter IV (HKLM-x32\...\VWx0cmFTdHJlZXRGaWdodGVySVY=_is1) (Version: 1 - )
Unity (HKLM-x32\...\Unity) (Version: 4.5.2f1 - Unity Technologies ApS)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
XIII Century (HKLM-x32\...\Steam App 34420) (Version: - Unicorn Games Studio)
XSplit Broadcaster (HKLM-x32\...\{6459F338-FE52-4034-BCA7-74772DA0F24D}) (Version: 1.3.1403.1202 - SplitMediaLabs)
YGOPro (HKLM-x32\...\YGOPro) (Version: 1.033.0 - Gruntmods Studios)
YGOPro DevPro version 1.9.7 r2 (HKLM-x32\...\{3CF2634F-3F38-4DD3-9201-CB2FE6B5FF23}_is1) (Version: 1.9.7 r2 - YGOPro DevPro Online)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2119550377-2983991064-3718658128-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Moose\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2119550377-2983991064-3718658128-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Moose\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2119550377-2983991064-3718658128-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Moose\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2119550377-2983991064-3718658128-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Moose\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

03-10-2014 05:26:37 Windows Update
05-10-2014 23:00:12 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08B93E47-3227-4092-9EEF-7F5BEB76109A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {1D591427-2CEB-410F-BE7F-58C48C83C06F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2119550377-2983991064-3718658128-1000Core => C:\Users\Moose\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-29] (Google Inc.)
Task: {2965FB73-64B7-4DE4-8BE9-16CD1EE6AB71} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2119550377-2983991064-3718658128-1000UA => C:\Users\Moose\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-29] (Google Inc.)
Task: {3AD459B3-5111-4DFC-8601-ADED9A7705A5} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {3E973C6A-5A09-4DAB-B94F-B5F939202D4B} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {9410026A-3132-47BC-876C-78EF9677D971} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {A12F68B1-FB21-4C80-B540-6E100C97BEEB} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-02-08] (Intel)
Task: {C3F2693B-5963-46AF-B8AC-9F5C00D5AC82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-12] (Google Inc.)
Task: {F106834A-F9EC-4E61-BF58-17977461D8C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-12] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2119550377-2983991064-3718658128-1000Core.job => C:\Users\Moose\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2119550377-2983991064-3718658128-1000UA.job => C:\Users\Moose\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-19 23:59 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2013-11-05 13:19 - 2013-11-05 13:19 - 00708096 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00175104 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2014-02-17 17:21 - 2014-02-17 17:21 - 00089915 _____ () C:\Users\Moose\AppData\Local\Temp\10d2ca4a-28d7-4d81-8c1e-dc42bb6c83fc\CliSecureRT64.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00280064 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00139776 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00148480 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00145408 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2013-01-10 01:46 - 2013-01-10 01:46 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 09562112 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2013-01-10 01:46 - 2013-01-10 01:46 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00209408 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CustomWPFColorPicker.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00349696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00171008 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00173056 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00171008 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00307200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00154624 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00170496 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00169472 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00169984 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00157184 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00170496 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00169984 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2013-09-26 17:52 - 2013-09-26 17:52 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-26 17:52 - 2013-09-26 17:53 - 00218496 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-19 23:52 - 2013-04-03 10:03 - 00015872 _____ () C:\MSI\Super RAID\SuperRAIDSvc.exe
2014-08-29 01:12 - 2014-08-21 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 01:12 - 2014-08-21 14:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 01:12 - 2014-08-21 14:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-08-21 14:18 - 2014-09-03 15:28 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-23 15:12 - 2014-09-23 00:32 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 01:12 - 2014-08-21 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 01:12 - 2014-08-21 14:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-09-06 12:55 - 2014-09-23 00:32 - 00679616 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-09-25 23:59 - 2013-09-25 23:59 - 00132608 _____ () C:\Users\Moose\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPUMonitor.gadget\GetGPUInfo.dll
2013-10-03 22:40 - 2013-10-03 22:40 - 00012520 _____ () C:\Users\Moose\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
2013-10-03 22:40 - 2013-10-03 22:40 - 00015080 _____ () C:\Users\Moose\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
2013-10-03 22:40 - 2013-10-03 22:40 - 00014056 _____ () C:\Users\Moose\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
2007-12-24 01:08 - 2013-09-25 23:46 - 00391680 _____ () C:\Program Files (x86)\RocketDock\Docklets\StackDocklet\StackDocklet.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () D:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-19 23:52 - 2013-03-13 13:33 - 01732608 _____ () C:\MSI\Super RAID\SuperRAIDExt.DLL
2013-08-07 11:31 - 2014-09-04 19:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-09-19 23:49 - 2013-03-12 16:20 - 01199576 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-09-24 15:07 - 2014-09-24 15:08 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Moose^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: RGSC => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

========================= Accounts: ==========================

Administrator (S-1-5-21-2119550377-2983991064-3718658128-500 - Administrator - Disabled)
Guest (S-1-5-21-2119550377-2983991064-3718658128-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2119550377-2983991064-3718658128-1002 - Limited - Enabled)
Moose (S-1-5-21-2119550377-2983991064-3718658128-1000 - Administrator - Enabled) => C:\Users\Moose

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/06/2014 11:50:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2014 11:48:24 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: irstrtsvError: Unable to obtain an interface instance for the driver interface. No more data is available.

Error: (10/06/2014 02:00:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2014 01:58:45 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: irstrtsvError: Unable to obtain an interface instance for the driver interface. No more data is available.

Error: (10/05/2014 07:02:16 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The backup storage location is invalid. You cannot use a volume that is included in the backup as a storage location. (0x80780040).

Error: (10/05/2014 06:37:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/05/2014 06:35:25 PM) (Source: irstrtsv) (EventID: 0) (User: )
Description: irstrtsvError: Unable to obtain an interface instance for the driver interface. No more data is available.

Error: (10/04/2014 06:28:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2014 06:26:44 PM) (Source: irstrtsv) (EventID: 0) (User: )
Description: irstrtsvError: Unable to obtain an interface instance for the driver interface. No more data is available.

Error: (10/03/2014 04:13:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/06/2014 11:48:26 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/06/2014 01:58:46 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/05/2014 06:35:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/04/2014 06:26:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/03/2014 04:11:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/03/2014 04:30:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/03/2014 01:15:08 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/02/2014 02:05:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/01/2014 04:18:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/30/2014 02:30:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-10-04 00:52:38.389
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-04 00:52:38.386
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-04 00:52:37.353
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-04 00:52:37.347
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-04 00:52:36.340
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-04 00:52:36.338
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-04 00:52:35.335
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-04 00:52:35.334
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-04 00:52:32.543
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-04 00:52:32.536
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 28%
Total physical RAM: 8133.75 MB
Available physical RAM: 5842.64 MB
Total Pagefile: 16265.68 MB
Available Pagefile: 13603.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.14 GB) (Free:18.99 GB) NTFS
Drive d: (HDD) (Fixed) (Total:1863.01 GB) (Free:970.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 6111033E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=84)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 5538E8E5)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by Oh My!, 11 October 2014 - 09:46 AM.
Posted logs



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,201 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:11:47 AM

Posted 11 October 2014 - 09:45 AM

Greetings Xenon366 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this were easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please provide a fresh FRST and Addition.txt report in your reply. In addition, please do this.

===================================================

System Summary Information

--------------------
  • Press the Windows logo key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"
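A reading aid, added here by the editor and not part of Gary's reply or of FRST itself: the FRST.txt process, service and MountPoints2 lines that get posted in threads like this one can be triaged mechanically before a responder reads them by hand. The Python below parses the three line shapes FRST prints and flags what a malware responder looks at first: a running process whose publisher field is the empty `()`, a service FRST marks `[File not signed]`, a signed binary running from a user-writable directory, and leftover Autoplay handlers under MountPoints2 (the registry trace that a removable drive with an autorun.exe leaves behind). The sample lines are copied from the logs in this thread; the severity rules and the list of user-writable directories are this example's own assumptions, not FRST's, and an empty publisher field is a prompt to check the file's hash, not proof of infection.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) logs.

Added example; not part of the thread above and not FRST's own code.
It recognises three FRST line shapes and flags the ones a responder
checks first. Heuristics (what counts as suspicious, which directories
are treated as user-writable) are this example's assumptions.
"""
import re
from dataclasses import dataclass

# "(Publisher) C:\path\file.exe"  -- the Processes (Whitelisted) section
PROCESS_RE = re.compile(r'^\((?P<pub>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.*?)\s*$')

# "R2 Name; C:\path\svc.exe [size yyyy-mm-dd] (Publisher) [File not signed]"
SERVICE_RE = re.compile(
    r'^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+'
    r'(?P<path>[A-Za-z]:\\.+?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*'
    r'\((?P<pub>[^)]*)\)(?P<flags>.*)$')

# "HKU\<SID>\...\MountPoints2: F - F:\autorun.exe"  -- Autoplay handler residue
MOUNTPOINT_RE = re.compile(
    r'^HKU\\[^\\]+\\\.\.\.\\MountPoints2:\s+(?P<key>\S+)\s+-\s+(?P<target>.+?)\s*$')

# Assumption: directories a standard user can write to. Malware dropped by a
# USB worm tends to stage or run from here rather than under Program Files.
USER_WRITABLE = re.compile(
    r'\\(Users\\[^\\]+\\AppData|ProgramData|Windows\\Temp)\\', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # "process", "service" or "mountpoint"
    path: str    # the binary or autorun target named in the log line
    reason: str  # why a responder should look at it


def triage(lines):
    """Return the Findings for an iterable of FRST log lines, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = MOUNTPOINT_RE.match(line)
        if m:
            findings.append(Finding("mountpoint", m["target"],
                                    f"Autoplay handler left behind by volume {m['key']}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if "[File not signed]" in m["flags"] or not m["pub"].strip():
                findings.append(Finding("service", m["path"],
                                        f"service {m['name']} is unsigned"))
            continue
        m = PROCESS_RE.match(line)
        if m:
            if not m["pub"].strip():
                findings.append(Finding("process", m["path"],
                                        "running binary carries no publisher"))
            elif USER_WRITABLE.search(m["path"]):
                findings.append(Finding("process", m["path"],
                                        "signed but running from a user-writable directory"))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {"process": 3, "mountpoint": 2, "service": 1}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Sample input: lines copied from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Akamai Technologies, Inc.) C:\Users\Moose\AppData\Local\Akamai\netsession_win.exe
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\MountPoints2: {edc8a2c9-1b8b-11e3-9296-806e6f6e6963} - D:\DVDSetup.exe
S3 ArcService; D:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2013-12-19] (Perfect World Entertainment Inc)
R2 HealthAgent; C:\Program Files (x86)\Common Files\MicroStrategy\HealthCenter\MSTRExec.EXE [197120 2013-10-23] (MicroStrategy Incorporated) [File not signed]
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [668984 2013-02-08] (Intel Corporation)
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind:10}] {f.path}\n             {f.reason}")
```

Run it against a saved FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace"))`; the whitelisted section headers and Run-key lines simply match nothing and are skipped. The signed-but-user-writable rule is deliberately low severity: updaters such as the Akamai NetSession entry above legitimately live under AppData, so that finding is a cue to verify the signature and hash, not to delete.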

#3 Xenon366

Xenon366
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:47 PM

Posted 13 October 2014 - 04:44 PM

Thanks for the help!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Moose (administrator) on MOOSE-PC on 13-10-2014 17:36:28
Running from C:\Users\Moose\Downloads
Loaded Profile: Moose (Available profiles: Moose)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(MicroStrategy Incorporated) C:\Program Files (x86)\Common Files\MicroStrategy\HealthCenter\MSTRExec.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(MicroStrategy Incorporated) C:\Program Files (x86)\MicroStrategy\Enterprise Manager\MAEMETLS.EXE
(MicroStrategy Incorporated) C:\Program Files (x86)\Common Files\MicroStrategy\MSTRLsn2_64.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Oracle Corporation) D:\app\oracle\product\11.2.0\server\bin\oracle.exe
(Oracle Corporation) D:\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Program Files (x86)\DataDirect\slserver55\bin\swagent.exe
() C:\Program Files (x86)\DataDirect\slserver55\bin\swstrtr.exe
() C:\Program Files (x86)\DataDirect\slserver55\bin\swsocw.exe
() C:\MSI\Super RAID\SuperRAIDSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Akamai Technologies, Inc.) C:\Users\Moose\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Moose\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Zemana Ltd.) C:\Program Files (x86)\AntiLogger\AntiLogger.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-28] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-10] (Intel Corporation)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [506864 2013-03-08] (MSI)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [BCSSync] => D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [AntiLogger] => C:\Program Files (x86)\AntiLogger\AntiLogger.exe [19362728 2014-03-26] (Zemana Ltd.)
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938112 2014-09-23] (Valve Corporation)
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [242688 2013-11-05] (SteelSeries ApS)
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Moose\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\Run: [Google Update] => C:\Users\Moose\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-29] (Google Inc.)
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\MountPoints2: E - E:\SETUP.EXE
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\MountPoints2: {edc8a2c9-1b8b-11e3-9296-806e6f6e6963} - D:\DVDSetup.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE0112AC699AFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Moose\AppData\Roaming\Mozilla\Firefox\Profiles\9y8bbvzs.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Moose\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Moose\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Moose\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Moose\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Moose\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Users\Moose\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Moose\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Moose\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Windows Media Player Extension for Firefox - C:\Users\Moose\AppData\Roaming\Mozilla\Firefox\Profiles\9y8bbvzs.default\Extensions\jid0-nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack [2014-02-09]
FF Extension: FT DeepDark - C:\Users\Moose\AppData\Roaming\Mozilla\Firefox\Profiles\9y8bbvzs.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-09-20]
FF Extension: WOT - C:\Users\Moose\AppData\Roaming\Mozilla\Firefox\Profiles\9y8bbvzs.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Turn Off the Lights - C:\Users\Moose\AppData\Roaming\Mozilla\Firefox\Profiles\9y8bbvzs.default\Extensions\stefanvandamme@stefanvd.net.xpi [2013-09-26]
FF Extension: Black Youtube Theme - C:\Users\Moose\AppData\Roaming\Mozilla\Firefox\Profiles\9y8bbvzs.default\Extensions\{2c93446d-612b-416d-9af0-b7355797b611}.xpi [2013-09-26]
FF Extension: Download Status Bar - C:\Users\Moose\AppData\Roaming\Mozilla\Firefox\Profiles\9y8bbvzs.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-01-23]
FF Extension: Adblock Plus - C:\Users\Moose\AppData\Roaming\Mozilla\Firefox\Profiles\9y8bbvzs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-26]
FF Extension: Download Statusbar - C:\Users\Moose\AppData\Roaming\Mozilla\Firefox\Profiles\9y8bbvzs.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-09-26]

Chrome:
=======
CHR Profile: C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2014-09-19]
CHR Extension: (Google Docs) - C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-12]
CHR Extension: (Google Drive) - C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-12]
CHR Extension: (Adblock Plus) - C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-15]
CHR Extension: (Google Search) - C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-12]
CHR Extension: (Google Wallet) - C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Page Monitor) - C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-03-14]
CHR Extension: (Gmail) - C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; D:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2013-12-19] (Perfect World Entertainment Inc)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [166112 2013-09-05] (Futuremark)
R2 HealthAgent; C:\Program Files (x86)\Common Files\MicroStrategy\HealthCenter\MSTRExec.EXE [197120 2013-10-23] (MicroStrategy Incorporated) [File not signed]
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [668984 2013-02-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MAEMETLS; C:\Program Files (x86)\MicroStrategy\Enterprise Manager\MAEMETLS.exe [82008 2013-10-23] (MicroStrategy Incorporated) [File not signed]
R2 MAPing; C:\Program Files (x86)\Common Files\MicroStrategy\MSTRLsn2_64.exe [281088 2013-10-23] (MicroStrategy Incorporated) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 MHealthAgent; C:\Program Files (x86)\Common Files\MicroStrategy\HealthCenter\MSTRExec.EXE [197120 2013-10-23] (MicroStrategy Incorporated) [File not signed]
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [30963576 2010-01-21] (Microsoft Corporation)
S2 MicroStrategy Intelligence Server; C:\Program Files (x86)\MicroStrategy\Intelligence Server\MSTRSvr2_64.exe [281088 2013-10-23] (MicroStrategy Incorporated) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-04-18] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
S4 OracleJobSchedulerXE; d:\app\oracle\product\11.2.0\server\Bin\extjob.exe [45568 2014-05-29] () [File not signed]
S3 OracleMTSRecoveryService; D:\app\oracle\product\11.2.0\server\BIN\omtsreco.exe [81408 2014-05-29] (Oracle Corporation) [File not signed]
R2 OracleServiceXE; d:\app\oracle\product\11.2.0\server\bin\ORACLE.EXE [147110912 2014-05-30] (Oracle Corporation) [File not signed]
S3 OracleXEClrAgent; D:\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe [83968 2014-05-29] (Oracle Corporation) [File not signed]
R2 OracleXETNSListener; D:\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [522240 2014-05-29] (Oracle Corporation) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2013-09-26] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [218496 2013-09-26] ()
R2 SLAgent55; C:\Program Files (x86)\DataDirect\slserver55\bin\swagent.exe [757829 2013-10-23] () [File not signed]
R2 SLSocket55; C:\Program Files (x86)\DataDirect\slserver55\bin\swstrtr.exe [118853 2013-10-23] () [File not signed]
R2 SuperRAIDSvc; C:\MSI\Super RAID\SuperRAIDSvc.exe [15872 2013-04-03] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-10-06] (Zemana Ltd.)
S3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [43800 2012-12-13] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 NTIOLib_1_0_1; C:\MSI\Super RAID\NTIOLib_X64.sys [14136 2012-06-11] (MSI)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)
S3 sclbl; D:\AeriaGames\ScarletBlade\avital\scarbt64.sys [86352 2014-03-27] ()
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 MFE_RR; \??\C:\Users\Moose\AppData\Local\Temp\mfe_rr.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-13 17:30 - 2014-10-13 17:30 - 00000000 ____D () C:\Users\Moose\Downloads\FRST-OlderVersion
2014-10-13 17:26 - 2014-10-13 17:26 - 02764646 _____ () C:\Users\Moose\Desktop\Summary.nfo
2014-10-13 15:15 - 2014-10-13 15:15 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-11 18:42 - 2014-10-11 18:42 - 00000000 ____D () C:\Users\Moose\MicroStrategy
2014-10-08 21:53 - 2014-10-08 21:54 - 00000000 ____D () C:\Users\Moose\Desktop\Watches
2014-10-06 20:08 - 2014-10-06 20:08 - 00000000 ____D () C:\Users\Moose\AppData\Roaming\Microsoft Corporation
2014-10-06 20:03 - 2014-10-10 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MicroStrategy Tools
2014-10-06 20:03 - 2014-10-10 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MicroStrategy Products
2014-10-06 20:03 - 2014-10-10 18:51 - 00000000 ____D () C:\Program Files (x86)\MicroStrategy
2014-10-06 20:03 - 2014-10-06 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MicroStrategy Documentation
2014-10-06 20:03 - 2014-10-06 20:03 - 00000000 ____D () C:\Program Files (x86)\DataDirect
2014-10-06 20:03 - 2013-10-23 14:14 - 00464384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SQLDMO.ENU
2014-10-06 20:03 - 2013-10-23 14:14 - 00295514 _____ () C:\Windows\SysWOW64\VB6.OLB
2014-10-06 20:03 - 2013-10-23 14:14 - 00279098 _____ () C:\Windows\SysWOW64\VB5.OLB
2014-10-06 20:03 - 2013-10-23 14:14 - 00024576 _____ (MicroStrategy Incorporated) C:\Windows\SysWOW64\MACONMAN.cpl
2014-10-06 20:03 - 2013-10-23 14:14 - 00000102 _____ () C:\Windows\SysWOW64\ActBar.lic
2014-10-06 20:03 - 2013-10-23 13:50 - 01286152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2014-10-06 20:03 - 2013-10-23 13:50 - 01012224 _____ (Home Page Software Inc. -- webster@homepagesw.com) C:\Windows\SysWOW64\WEBPRO32.OCX
2014-10-06 20:03 - 2013-10-23 13:49 - 00724992 _____ (Sax.net) C:\Windows\SysWOW64\smartui.OCX
2014-10-06 20:03 - 2013-10-23 13:48 - 01400320 _____ (Sybase, Visual Components) C:\Windows\SysWOW64\VCFI5.OCX
2014-10-06 20:03 - 2013-10-23 13:48 - 01009336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCHRT20.OCX
2014-10-06 20:03 - 2013-10-23 13:48 - 00987648 _____ (Visual Components, Inc.) C:\Windows\SysWOW64\VCF15.OCX
2014-10-06 20:03 - 2013-10-23 13:48 - 00407128 _____ (Lassalle Technologies) C:\Windows\SysWOW64\AddFlow4.ocx
2014-10-06 20:03 - 2013-10-23 13:48 - 00362576 _____ (Data Dynamics) C:\Windows\SysWOW64\ACTBAR.OCX
2014-10-06 20:03 - 2013-10-23 13:48 - 00244416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSFLXGRD.OCX
2014-10-06 20:03 - 2013-10-23 13:48 - 00203976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
2014-10-06 20:03 - 2013-10-23 13:48 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TLBINF32.DLL
2014-10-06 20:03 - 2013-10-23 13:48 - 00135168 _____ (Codejock Software) C:\Windows\SysWOW64\PropertyGrid.ocx
2014-10-06 20:03 - 2013-10-23 13:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCAL.OCX
2014-10-06 20:03 - 2013-10-23 13:48 - 00058568 _____ (Lassalle Technologies) C:\Windows\SysWOW64\HFlow.ocx
2014-10-06 20:03 - 2013-10-23 13:48 - 00044032 _____ (Microsoft) C:\Windows\SysWOW64\ntsvc.ocx
2014-10-06 20:03 - 2013-10-23 13:47 - 00684032 _____ (10Tec) C:\Windows\SysWOW64\iGrid250.OCX
2014-10-06 20:03 - 2013-10-23 13:47 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4r.dll
2014-10-06 20:03 - 2013-10-23 13:47 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
2014-10-06 20:03 - 2013-10-23 13:32 - 00647872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-10-06 20:03 - 2013-10-23 13:32 - 00608448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMCTL32.OCX
2014-10-06 20:03 - 2013-10-23 13:32 - 00415176 _____ (Microsoft Corporation ) C:\Windows\SysWOW64\COMCT332.OCX
2014-10-06 20:03 - 2013-10-23 13:32 - 00200704 _____ (Sheridan Software Systems, Inc.) C:\Windows\SysWOW64\THREED32.OCX
2014-10-06 20:03 - 2013-10-23 13:32 - 00164144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMCT232.OCX
2014-10-06 20:03 - 2013-10-23 13:32 - 00140488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2014-10-06 20:03 - 2013-10-23 13:32 - 00089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GRID32.OCX
2014-10-06 20:03 - 2013-10-23 13:32 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5STKIT.DLL
2014-10-06 19:00 - 2014-10-06 19:01 - 00000000 ____D () C:\Users\Moose\Desktop\MicroStrategy
2014-10-06 18:44 - 2014-10-06 18:44 - 00000000 ____D () C:\Users\Moose\AppData\Roaming\sqldeveloper
2014-10-06 18:44 - 2014-10-06 18:44 - 00000000 ____D () C:\Users\Moose\AppData\Roaming\SQL Developer
2014-10-06 18:40 - 2014-10-06 18:40 - 00001870 _____ () C:\Users\Public\Desktop\Get Started With Oracle Database 11g Express Edition .lnk
2014-10-06 18:40 - 2014-10-06 18:40 - 00000000 ____D () C:\Users\Moose\Oracle
2014-10-06 18:40 - 2014-10-06 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle Database 11g Express Edition
2014-10-06 18:34 - 2014-10-10 18:45 - 00000000 ____D () C:\Users\Moose\Desktop\sqldeveloper
2014-10-06 18:34 - 2014-05-30 01:52 - 00000000 ____D () C:\Users\Moose\Desktop\DISK1
2014-10-06 13:02 - 2014-10-06 13:02 - 00000597 _____ () C:\Users\Moose\Downloads\Matlab R2014a(1).rdp
2014-10-06 12:45 - 2014-10-06 12:45 - 00007155 _____ () C:\Users\Moose\Desktop\attach.txt
2014-10-06 12:45 - 2014-10-06 12:44 - 00018304 _____ () C:\Users\Moose\Desktop\dds.txt
2014-10-06 12:44 - 2014-10-06 12:44 - 00688992 ____R (Swearware) C:\Users\Moose\Downloads\dds.com
2014-10-06 12:19 - 2014-10-06 12:19 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Moose\Downloads\mbar-1.07.0.1012(1).exe
2014-10-06 12:16 - 2014-10-06 12:16 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Moose\Downloads\tdsskiller.exe
2014-10-06 12:07 - 2014-10-13 17:36 - 00021824 _____ () C:\Users\Moose\Downloads\FRST.txt
2014-10-06 12:07 - 2014-10-06 12:39 - 00043095 _____ () C:\Users\Moose\Downloads\Addition.txt
2014-10-06 12:06 - 2014-10-13 17:36 - 00000000 ____D () C:\FRST
2014-10-06 12:06 - 2014-10-13 17:30 - 02110464 _____ (Farbar) C:\Users\Moose\Downloads\FRST64.exe
2014-10-06 01:54 - 2014-10-06 01:54 - 29202688 _____ (Zemana Ltd. ) C:\Users\Moose\Downloads\Zemana_AntiLogger_1.9.3.525.exe
2014-10-06 01:54 - 2014-10-06 01:54 - 00049752 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys
2014-10-06 01:54 - 2014-10-06 01:54 - 00000000 __HDC () C:\ProgramData\{727C5CC8-3A5E-4517-BA8B-35A93F9B2EBD}
2014-10-06 01:54 - 2014-10-06 01:54 - 00000000 ____D () C:\Users\Moose\AppData\Local\Zemana
2014-10-06 01:54 - 2014-10-06 01:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiLogger
2014-10-06 01:54 - 2014-10-06 01:54 - 00000000 ____D () C:\Program Files (x86)\AntiLogger
2014-10-06 01:17 - 2014-10-10 00:43 - 00002138 _____ () C:\Users\Moose\Desktop\Rkill.txt
2014-10-06 01:17 - 2014-10-06 01:17 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Moose\Downloads\rkill.exe
2014-10-06 00:23 - 2014-10-06 00:23 - 00000000 ____D () C:\Windows\pss
2014-10-05 19:55 - 2014-10-13 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-05 19:55 - 2014-10-13 15:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-05 19:55 - 2014-10-05 19:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Moose\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-05 19:55 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-05 19:55 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-05 19:43 - 2014-10-13 17:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-05 19:43 - 2014-10-06 12:19 - 00000000 ____D () C:\Users\Moose\Desktop\mbar
2014-10-05 19:43 - 2014-10-05 19:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-05 19:43 - 2014-10-05 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-05 19:43 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-05 19:41 - 2014-10-05 19:41 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Moose\Downloads\mbar-1.07.0.1012.exe
2014-10-05 19:41 - 2014-10-05 19:41 - 00783120 _____ (McAfee, Inc.) C:\Users\Moose\Downloads\rootkitremover.exe
2014-10-05 19:41 - 2014-10-05 19:41 - 00000310 _____ () C:\Users\Moose\Downloads\RootkitRemover_20141005_194110.log
2014-10-01 23:20 - 2014-10-06 18:41 - 00000000 ____D () C:\Users\Moose\Desktop\GMUWORK
2014-10-01 16:28 - 2014-10-01 16:28 - 00000000 ___SD () C:\Users\Moose\Documents\My Shapes
2014-10-01 16:25 - 2014-10-01 16:25 - 00000162 _____ () C:\Windows\ODBC.INI
2014-10-01 16:25 - 2014-10-01 16:25 - 00000039 _____ () C:\Windows\vbaddin.ini
2014-10-01 16:25 - 2014-10-01 16:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-10-01 00:52 - 2014-10-01 00:52 - 00000000 ____D () C:\Users\Moose\Documents\WB Games
2014-10-01 00:52 - 2014-10-01 00:52 - 00000000 ____D () C:\Users\Moose\AppData\Roaming\Steam
2014-10-01 00:41 - 2014-10-01 00:41 - 00000752 _____ () C:\Users\Moose\Desktop\Middle Earth Shadow of Mordor.lnk
2014-10-01 00:41 - 2014-10-01 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Middle Earth Shadow of Mordor
2014-09-26 00:41 - 2014-10-07 22:08 - 00000000 ____D () C:\Windows\Minidump
2014-09-26 00:41 - 2014-09-26 00:41 - 00441968 _____ () C:\Windows\Minidump\092614-10155-01.dmp
2014-09-26 00:39 - 2014-10-13 15:03 - 00003276 _____ () C:\Windows\System32\Tasks\Intel® Rapid Start Technology Manager
2014-09-25 14:05 - 2014-09-25 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-25 14:04 - 2014-09-25 14:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-25 14:04 - 2014-09-25 14:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-24 15:07 - 2014-09-24 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-22 18:12 - 2014-09-22 18:12 - 00000000 ____D () C:\Users\Moose\.ss2
2014-09-20 19:53 - 2014-10-12 20:18 - 00000000 ____D () C:\Users\Moose\AppData\Local\join.me
2014-09-20 19:53 - 2014-09-20 19:53 - 00001066 _____ () C:\Users\Moose\Desktop\join.me.lnk
2014-09-20 19:53 - 2014-09-20 19:53 - 00001066 _____ () C:\Users\Moose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-09-20 19:53 - 2014-09-20 19:53 - 00000000 ____D () C:\Users\Moose\AppData\Local\LogMeIn
2014-09-20 19:53 - 2014-09-20 19:53 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-09-15 22:25 - 2014-09-15 22:25 - 00000000 ____D () C:\Users\Moose\Documents\AVS4YOU
2014-09-15 22:24 - 2014-09-15 22:24 - 00000000 ____D () C:\Users\Moose\AppData\Roaming\AVS4YOU
2014-09-15 22:24 - 2014-09-15 22:24 - 00000000 ____D () C:\ProgramData\AVS4YOU
2014-09-15 22:23 - 2014-09-15 22:23 - 00000000 ____D () C:\Users\Moose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2014-09-15 22:23 - 2014-09-15 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2014-09-15 22:23 - 2014-09-15 22:23 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2014-09-15 22:23 - 2013-10-23 13:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2014-09-15 22:23 - 2011-06-23 13:26 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2014-09-15 22:20 - 2014-09-15 22:21 - 154363320 _____ (Online Media Technologies Ltd. ) C:\Users\Moose\Downloads\AVSVideoEditor.exe
2014-09-15 19:13 - 2014-09-15 19:13 - 00000598 _____ () C:\Users\Moose\Downloads\Matlab R2014a.rdp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-13 17:36 - 2013-09-12 17:30 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-13 17:33 - 2014-04-23 21:16 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2119550377-2983991064-3718658128-1000UA.job
2014-10-13 17:23 - 2013-10-12 23:00 - 00007626 _____ () C:\Users\Moose\AppData\Local\Resmon.ResmonCfg
2014-10-13 15:28 - 2013-09-12 04:49 - 01755769 _____ () C:\Windows\WindowsUpdate.log
2014-10-13 15:11 - 2009-07-14 01:13 - 01015092 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-13 15:10 - 2009-07-14 00:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-13 15:10 - 2009-07-14 00:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-13 15:02 - 2013-09-12 18:22 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-13 15:02 - 2013-09-12 17:30 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-13 15:02 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-13 15:02 - 2009-07-14 00:51 - 00068669 _____ () C:\Windows\setupact.log
2014-10-12 20:17 - 2010-11-20 23:47 - 00140760 _____ () C:\Windows\PFRO.log
2014-10-12 00:56 - 2014-01-30 00:02 - 00000000 ____D () C:\Users\Moose\AppData\Roaming\Azureus
2014-10-12 00:48 - 2013-09-27 01:04 - 00000000 ____D () C:\Users\Moose\AppData\Roaming\vlc
2014-10-11 18:42 - 2013-09-12 04:48 - 00000000 ____D () C:\Users\Moose
2014-10-10 23:44 - 2014-03-27 00:38 - 00000000 ____D () C:\Users\Moose\AppData\Local\Akamai
2014-10-08 19:08 - 2014-04-21 19:46 - 00000000 ____D () C:\Users\Moose\Desktop\ygopro
2014-10-07 22:08 - 2013-09-13 07:43 - 00337879 ____N () C:\Windows\Minidump\100714-9531-01.dmp
2014-10-06 20:08 - 2013-10-03 22:14 - 00818144 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-06 20:08 - 2013-09-12 05:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-06 20:03 - 2009-07-13 22:34 - 00017576 _____ () C:\Windows\system32\Drivers\etc\services
2014-10-06 19:28 - 2014-06-26 22:02 - 00000000 ____D () C:\Users\Moose\Desktop\lols
2014-10-06 19:01 - 2014-06-11 18:49 - 00000499 _____ () C:\Users\Moose\Desktop\New Text Document (2).txt
2014-10-06 13:28 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-06 12:03 - 2013-11-13 15:39 - 00004119 _____ () C:\Users\Moose\Desktop\New Text Document.txt
2014-10-06 01:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Cursors
2014-10-06 00:44 - 2013-10-03 22:40 - 00000627 _____ () C:\Users\Moose\AppData\Roaming\All CPU MeterV3_Settings.ini
2014-10-02 14:05 - 2009-07-14 00:45 - 00425584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-01 23:20 - 2014-02-01 20:35 - 00000000 ____D () C:\Users\Moose\Desktop\bindersale
2014-10-01 17:32 - 2013-09-12 17:30 - 00113808 _____ () C:\Users\Moose\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-01 16:26 - 2014-08-31 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-10-01 16:26 - 2014-08-31 23:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-01 16:25 - 2014-08-31 23:08 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-10-01 16:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-28 21:13 - 2014-05-04 20:58 - 00000000 ____D () C:\Users\Moose\AppData\Local\Battle.net
2014-09-28 20:19 - 2013-10-04 03:18 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2014-09-28 20:19 - 2013-10-04 03:18 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-09-25 11:59 - 2013-09-26 00:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-22 02:42 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-18 14:42 - 2014-01-21 20:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

Files to move or delete:
====================
C:\Users\Moose\jagex_cl_oldschool_LIVE.dat
C:\Users\Moose\jagex_cl_runescape_LIVE.dat
C:\Users\Moose\jagex_cl_speccollect_LIVE.dat
C:\Users\Moose\random.dat


Some content of TEMP:
====================
C:\Users\Moose\AppData\Local\Temp\13-9_win7_win8_64_dd_ccc_whql.exe
C:\Users\Moose\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\Moose\AppData\Local\Temp\devcon64.exe
C:\Users\Moose\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Moose\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Moose\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Moose\AppData\Local\Temp\nsj4677.tmp.exe
C:\Users\Moose\AppData\Local\Temp\ose00000.exe
C:\Users\Moose\AppData\Local\Temp\safeguard.exe
C:\Users\Moose\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Moose\AppData\Local\Temp\SRLDetectionLibrary2871533934146134071.dll
C:\Users\Moose\AppData\Local\Temp\x2blapi.dll
C:\Users\Moose\AppData\Local\Temp\YgoUpdater.exe
C:\Users\Moose\AppData\Local\Temp\_isA119.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 15:39

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014 02
Ran by Moose at 2014-10-13 17:36:41
Running from C:\Users\Moose\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Age of Mythology: Extended Edition (HKLM-x32\...\QWdlb2ZNeXRob2xvZ3lFeHRlbmRlZEVkaXRpb24=_is1) (Version: 1 - )
AIDA64 Extreme Edition v3.20 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 3.20 - FinalWire Ltd.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1E9871B6-7C44-9A3A-A1C0-F9729663C7F5}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80830.1925 - Advanced Micro Devices, Inc.) Hidden
AntiLogger (HKLM-x32\...\AntiLogger) (Version:  - Zemana Ltd.)
AntiLogger (x32 Version: 1.9.3.525 - Zemana Ltd.) Hidden
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
AVS Video Editor 6.5 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.5.1.246 - Online Media Technologies Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BeamNG-Techdemo-0.3 (remove only) (HKCU\...\BeamNG-Techdemo-0.3) (Version:  - )
Blood Bowl: Legendary Edition (HKLM-x32\...\Steam App 58520) (Version:  - Cyanide Studios)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
Capsule (HKLM-x32\...\Capsule) (Version: 1.0.000 - Green Man Gaming Limited)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco Unified Presenter Add-in 6x5 (HKCU\...\Cisco Unified Presenter Add-in 6x5) (Version:  - )
Cities XL Platinum (HKLM-x32\...\Steam App 231140) (Version:  - Focus Home Interactive)
Confrontation (HKLM-x32\...\Steam App 204560) (Version:  - Cyanide Studios)
DataDirect SequeLink 5.5 Service for ODBC Socket (HKLM-x32\...\{56F26EC0-0C9B-4550-B155-29E2C0DD9044}) (Version: 5.50.00 - DataDirect Technologies)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Divinity II: Developer's Cut (HKLM-x32\...\Steam App 219780) (Version:  - Larian Studios)
DmC Devil May Cry (HKLM-x32\...\Steam App 220440) (Version:  - Ninja Theory)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Dynasty Warriors 8 Xtreme Legends (HKLM-x32\...\Dynasty Warriors 8 Xtreme Legends_is1) (Version:  - )
EZ-Builder (HKLM-x32\...\{DC934C13-43C1-4422-B8BA-2005F15D495A}) (Version: 13.12.19 - EZ-Robot Inc.)
F.E.A.R. 3 (HKLM-x32\...\Steam App 21100) (Version:  - Day 1 Studios)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{A72D5E68-8168-4B0F-AA78-163FF36F6D66}) (Version: 4.20.168 - Futuremark Corporation)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
GRID Autosport (HKLM-x32\...\R1JJREF1dG9zcG9ydA==_is1) (Version: 1 - )
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hex Workshop v6.7 (HKLM\...\{A47DAFC0-AF57-4462-BD40-B3F02F33CB40}) (Version: 6.7.3.5308 - BreakPoint Software)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1008 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
jGRASP (HKLM-x32\...\jGRASP) (Version: 2.0.0_08 Beta 7 - )
join.me (HKCU\...\JoinMe) (Version: 1.17.0.153 - LogMeIn, Inc.)
Just Cause 2 Demo (HKLM-x32\...\Steam App 35110) (Version:  - Avalanche)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Men of War: Assault Squad (HKLM-x32\...\Steam App 64000) (Version:  - Digitalmindsoft)
Men of War: Red Tide (HKLM-x32\...\Steam App 3130) (Version:  - 1C Company)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6506.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.3.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
MicroStrategy Analytics Enterprise (HKLM-x32\...\{8CCF3F6C-55B7-4A27-8C68-ADF21D0585A2}) (Version: 9.4.1 - MicroStrategy Incorporated)
MicroStrategy OpenAccess for Salesforce (Workstation) (HKLM-x32\...\{3E59013E-AC49-4CAC-82DB-93BBDB9E9954}) (Version: 6.00.00.63 - MicroStrategy Incorporated)
Middle Earth Shadow of Mordor (HKLM-x32\...\Middle Earth Shadow of Mordor_is1) (Version:  - )
Mortal Kombat Kollection (HKLM-x32\...\Steam App 205350) (Version:  - Other Ocean Interactive)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.6 - Black Tree Gaming)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
Oracle Database 11g Express Edition (HKLM-x32\...\InstallShield_{05A7B662-80A3-4EB9-AE1D-89A62449431C}) (Version: 11.2.0 - Oracle Corporation)
Oracle Database 11g Express Edition (Version: 11.2.0 - Oracle Corporation) Hidden
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.7 - Power Software Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.989 - Even Balance, Inc.)
RAW - Realms of Ancient War (HKLM-x32\...\Steam App 209730) (Version:  - Wizarbox)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
RNX-N180UBE 11n USB Wireless LAN Driver (HKLM-x32\...\{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}) (Version: 1.00.0175 - Rosewill Corp.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - 5th Cell Media)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version:  - Sega)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2173.3 - Hi-Rez Studios)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.171.34768 - SteelSeries)
Super RAID (HKLM-x32\...\{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1) (Version: 1.0.004 - MSI)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.018 - MSI)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM-x32\...\{FAB9454C-6A8D-4031-9652-8B1B1D561456}) (Version: 6.0.7.0 - Husdawg, LLC)
System Requirements Lab CYRI (HKLM-x32\...\{705216C1-BA52-4B16-AFE4-4143B340D62D}) (Version: 6.0.12.6 - Husdawg, LLC)
TERA (HKCU\...\teraenmasse) (Version:  - )
TextMaker Viewer (HKLM-x32\...\TextMaker Viewer) (Version:  - SoftMaker Software GmbH)
The Amazing Spider-Man 2 (HKLM-x32\...\VGhlQW1hemluZ1NwaWRlck1hbjI=_is1) (Version: 1 - )
The Lord of the Rings: War in the North (HKLM-x32\...\Steam App 32800) (Version:  - Snowblind Studios)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Ultra Street Fighter IV (HKLM-x32\...\VWx0cmFTdHJlZXRGaWdodGVySVY=_is1) (Version: 1 - )
Unity (HKLM-x32\...\Unity) (Version: 4.5.2f1 - Unity Technologies ApS)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
XIII Century (HKLM-x32\...\Steam App 34420) (Version:  - Unicorn Games Studio)
XSplit Broadcaster (HKLM-x32\...\{6459F338-FE52-4034-BCA7-74772DA0F24D}) (Version: 1.3.1403.1202 - SplitMediaLabs)
YGOPro (HKLM-x32\...\YGOPro) (Version: 1.033.0 - Gruntmods Studios)
YGOPro DevPro version 1.9.7 r2 (HKLM-x32\...\{3CF2634F-3F38-4DD3-9201-CB2FE6B5FF23}_is1) (Version: 1.9.7 r2 - YGOPro DevPro Online)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. Any associated file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2119550377-2983991064-3718658128-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Moose\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2119550377-2983991064-3718658128-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Moose\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2119550377-2983991064-3718658128-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Moose\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2119550377-2983991064-3718658128-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Moose\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

07-10-2014 17:50:36 Windows Update
10-10-2014 22:51:26 Configured MicroStrategy Analytics Enterprise
11-10-2014 22:51:36 Windows Update
13-10-2014 00:27:51 Windows Backup

==================== Hosts content: ==========================

(If needed, a Hosts: directive can be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08B93E47-3227-4092-9EEF-7F5BEB76109A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {1D591427-2CEB-410F-BE7F-58C48C83C06F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2119550377-2983991064-3718658128-1000Core => C:\Users\Moose\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-29] (Google Inc.)
Task: {2965FB73-64B7-4DE4-8BE9-16CD1EE6AB71} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2119550377-2983991064-3718658128-1000UA => C:\Users\Moose\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-29] (Google Inc.)
Task: {3AD459B3-5111-4DFC-8601-ADED9A7705A5} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {3E973C6A-5A09-4DAB-B94F-B5F939202D4B} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {6196132C-EAD9-48F3-B6CE-48A25C5E1D91} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-02-08] (Intel)
Task: {9410026A-3132-47BC-876C-78EF9677D971} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {C3F2693B-5963-46AF-B8AC-9F5C00D5AC82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-12] (Google Inc.)
Task: {F106834A-F9EC-4E61-BF58-17977461D8C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-12] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2119550377-2983991064-3718658128-1000Core.job => C:\Users\Moose\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2119550377-2983991064-3718658128-1000UA.job => C:\Users\Moose\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-26 17:52 - 2013-09-26 17:52 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-26 17:52 - 2013-09-26 17:53 - 00218496 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-23 13:34 - 2013-10-23 13:34 - 00757829 _____ () C:\Program Files (x86)\DataDirect\slserver55\bin\swagent.exe
2013-10-23 13:34 - 2013-10-23 13:34 - 00118853 _____ () C:\Program Files (x86)\DataDirect\slserver55\bin\swstrtr.exe
2013-10-23 13:34 - 2013-10-23 13:34 - 01163333 _____ () C:\Program Files (x86)\DataDirect\slserver55\bin\swsocw.exe
2013-09-19 23:52 - 2013-04-03 10:03 - 00015872 _____ () C:\MSI\Super RAID\SuperRAIDSvc.exe
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-19 23:59 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2013-11-05 13:19 - 2013-11-05 13:19 - 00708096 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00175104 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2014-02-17 17:21 - 2014-02-17 17:21 - 00089915 _____ () C:\Users\Moose\AppData\Local\Temp\10d2ca4a-28d7-4d81-8c1e-dc42bb6c83fc\CliSecureRT64.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00280064 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00139776 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00148480 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00145408 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2013-01-10 01:46 - 2013-01-10 01:46 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 09562112 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2013-01-10 01:46 - 2013-01-10 01:46 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00209408 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CustomWPFColorPicker.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00349696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00171008 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00173056 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00171008 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00307200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00154624 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00170496 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00169472 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00169984 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00157184 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00170496 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2013-11-05 13:19 - 2013-11-05 13:19 - 00169984 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2014-10-06 20:04 - 2013-10-23 13:50 - 00040448 _____ () C:\Program Files (x86)\Common Files\MicroStrategy\REGOBJ.DLL
2013-09-19 23:52 - 2013-03-13 13:33 - 01732608 _____ () C:\MSI\Super RAID\SuperRAIDExt.DLL
2013-09-19 23:59 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2014-08-29 01:12 - 2014-08-21 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 01:12 - 2014-08-21 14:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 01:12 - 2014-08-21 14:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-08-21 14:18 - 2014-09-03 15:28 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-23 15:12 - 2014-09-23 00:32 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 01:12 - 2014-08-21 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 01:12 - 2014-08-21 14:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-09-06 12:55 - 2014-09-23 00:32 - 00679616 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-09-25 23:59 - 2013-09-25 23:59 - 00132608 _____ () C:\Users\Moose\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPUMonitor.gadget\GetGPUInfo.dll
2013-10-03 22:40 - 2013-10-03 22:40 - 00012520 _____ () C:\Users\Moose\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
2013-10-03 22:40 - 2013-10-03 22:40 - 00015080 _____ () C:\Users\Moose\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
2013-10-03 22:40 - 2013-10-03 22:40 - 00014056 _____ () C:\Users\Moose\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
2007-12-24 01:08 - 2013-09-25 23:46 - 00391680 _____ () C:\Program Files (x86)\RocketDock\Docklets\StackDocklet\StackDocklet.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () D:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-08-07 11:31 - 2014-09-04 19:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-09-19 23:49 - 2013-03-12 16:20 - 01199576 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-09-24 15:07 - 2014-09-24 15:08 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. Non-default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Moose^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: RGSC => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

========================= Accounts: ==========================

Administrator (S-1-5-21-2119550377-2983991064-3718658128-500 - Administrator - Disabled)
Guest (S-1-5-21-2119550377-2983991064-3718658128-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2119550377-2983991064-3718658128-1002 - Limited - Enabled)
Moose (S-1-5-21-2119550377-2983991064-3718658128-1000 - Administrator - Enabled) => C:\Users\Moose

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/13/2014 03:04:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2014 03:02:52 PM) (Source: SequeLink 5.5 Performance DLL) (EventID: 8) (User: )
Description: Error reading counter info for the SequeLink Performance DLL.

Error: (10/13/2014 03:02:22 PM) (Source: irstrtsv) (EventID: 0) (User: )
Description: irstrtsvError: Unable to obtain an interface instance for the driver interface. No more data is available.

Error: (10/12/2014 08:32:44 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The backup storage location is invalid. You cannot use a volume that is included in the backup as a storage location. (0x80780040).

Error: (10/12/2014 08:19:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 08:18:29 PM) (Source: SequeLink 5.5 Performance DLL) (EventID: 8) (User: )
Description: Error reading counter info for the SequeLink Performance DLL.

Error: (10/12/2014 08:17:42 PM) (Source: irstrtsv) (EventID: 0) (User: )
Description: irstrtsvError: Unable to obtain an interface instance for the driver interface. No more data is available.

Error: (10/11/2014 06:42:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/11/2014 06:41:10 PM) (Source: SequeLink 5.5 Performance DLL) (EventID: 8) (User: )
Description: Error reading counter info for the SequeLink Performance DLL.

Error: (10/11/2014 06:40:29 PM) (Source: irstrtsv) (EventID: 0) (User: )
Description: irstrtsvError: Unable to obtain an interface instance for the driver interface. No more data is available.


System errors:
=============
Error: (10/13/2014 05:32:51 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The MicroStrategy Intelligence Server service terminated with service-specific error %%-1.

Error: (10/13/2014 05:27:51 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The MicroStrategy Intelligence Server service terminated with service-specific error %%-1.

Error: (10/13/2014 05:22:50 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The MicroStrategy Intelligence Server service terminated with service-specific error %%-1.

Error: (10/13/2014 05:17:49 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The MicroStrategy Intelligence Server service terminated with service-specific error %%-1.

Error: (10/13/2014 05:12:48 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The MicroStrategy Intelligence Server service terminated with service-specific error %%-1.

Error: (10/13/2014 05:07:45 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The MicroStrategy Intelligence Server service terminated with service-specific error %%-1.

Error: (10/13/2014 05:02:44 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The MicroStrategy Intelligence Server service terminated with service-specific error %%-1.

Error: (10/13/2014 04:57:44 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The MicroStrategy Intelligence Server service terminated with service-specific error %%-1.

Error: (10/13/2014 04:52:43 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The MicroStrategy Intelligence Server service terminated with service-specific error %%-1.

Error: (10/13/2014 04:47:42 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The MicroStrategy Intelligence Server service terminated with service-specific error %%-1.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-10-04 00:52:38.389
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-04 00:52:38.386
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-04 00:52:37.353
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-04 00:52:37.347
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-04 00:52:36.340
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-04 00:52:36.338
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-04 00:52:35.335
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-04 00:52:35.334
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-04 00:52:32.543
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-04 00:52:32.536
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 36%
Total physical RAM: 8133.75 MB
Available physical RAM: 5196 MB
Total Pagefile: 16265.68 MB
Available Pagefile: 12446.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.14 GB) (Free:11.77 GB) NTFS
Drive d: (HDD) (Fixed) (Total:1863.01 GB) (Free:960.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 6111033E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=84)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 5538E8E5)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Oh My!


Posted 13 October 2014 - 05:06 PM

You are welcome! :)

The first thing we need to do is copy and paste frst.exe from your downloads folder to your desktop.

Running from C:\Users\Moose\Downloads


Nothing of any real concern there but I do want to clean up some stuff. Do you still have USB/external drives you are concerned about?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\MountPoints2: E - E:\SETUP.EXE
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\MountPoints2: {edc8a2c9-1b8b-11e3-9296-806e6f6e6963} - D:\DVDSetup.exe
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 MFE_RR; \??\C:\Users\Moose\AppData\Local\Temp\mfe_rr.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
C:\Users\Moose\jagex_cl_oldschool_LIVE.dat
C:\Users\Moose\jagex_cl_runescape_LIVE.dat
C:\Users\Moose\jagex_cl_speccollect_LIVE.dat
C:\Users\Moose\random.dat
CustomCLSID: HKU\S-1-5-21-2119550377-2983991064-3718658128-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Moose\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2119550377-2983991064-3718658128-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Moose\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Folder: C:\Users\Moose\.ss2
EmptyTemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"
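An added example, mine rather than the thread's or FRST's own code: a small Python triage that parses the three kinds of entry in the fixlist above and records why each was worth removing (an autorun command remembered under MountPoints2, a service whose driver file is gone, a COM class whose DLL is gone). The input is the thread's own fixlist lines plus one constructed healthy service line; the temp-directory flag is my own heuristic, not an FRST feature.

```python
"""Added example: triage FRST fixlist/log entries of the kinds removed in the fix above."""
import re
from dataclasses import dataclass
from typing import Optional

# The entries from this thread's fixlist, plus one constructed service line whose file is
# still present (no "[X]") to show that such a line is left alone.
SAMPLE_LINES = r"""
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\MountPoints2: E - E:\SETUP.EXE
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\MountPoints2: {edc8a2c9-1b8b-11e3-9296-806e6f6e6963} - D:\DVDSetup.exe
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 MFE_RR; \??\C:\Users\Moose\AppData\Local\Temp\mfe_rr.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
CustomCLSID: HKU\S-1-5-21-2119550377-2983991064-3718658128-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Moose\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
R2 ExampleSvc; C:\Program Files\Example\svc.exe [123456 2014-01-01] (Example Vendor)
"""

MOUNTPOINT_RE = re.compile(r"MountPoints2:\s*(?P<key>\S+)\s+-\s+(?P<target>.+?)\s*$")
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+\[X\]\s*$")
CLSID_RE = re.compile(r"^CustomCLSID:.*\{(?P<clsid>[0-9A-Fa-f-]+)\}.*->\s+(?P<path>.+?)\s+No File\s*$")
# My own heuristic, not an FRST feature: a driver staged from a temp directory deserves a second
# look. It is a prompt, not a verdict; the helper judged nothing in this fixlist of real concern.
TEMP_DIR_RE = re.compile(r"\\(windows\\temp|appdata\\local\\temp)\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str      # "mountpoint-autorun" | "orphan-service" | "orphan-clsid"
    name: str      # drive letter / volume GUID, service name, or CLSID
    path: str      # file the entry points at
    in_temp: bool  # path is under \Windows\TEMP or \AppData\Local\Temp


def classify(line: str) -> Optional[Finding]:
    """Map one FRST line to a Finding, or None if it is not one of the three kinds handled."""
    line = line.strip()
    m = MOUNTPOINT_RE.search(line)
    if m:  # MountPoints2 keeps, per user, the autorun command of volumes seen earlier
        return Finding("mountpoint-autorun", m["key"], m["target"], bool(TEMP_DIR_RE.search(m["target"])))
    m = SERVICE_RE.match(line)
    if m:  # "[X]" in FRST output marks a service whose image file no longer exists on disk
        path = m["path"].replace("\\??\\", "", 1)  # strip the NT object-manager prefix
        return Finding("orphan-service", m["name"], path, bool(TEMP_DIR_RE.search(path)))
    m = CLSID_RE.match(line)
    if m:  # "No File" marks a COM registration whose InprocServer32 DLL is gone
        return Finding("orphan-clsid", m["clsid"], m["path"], bool(TEMP_DIR_RE.search(m["path"])))
    return None


def triage(text: str) -> list:
    return [f for f in (classify(ln) for ln in text.splitlines()) if f is not None]


def summarize(findings) -> dict:
    counts: dict = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:18} {f.name:40} {f.path}{'  [temp dir]' if f.in_temp else ''}")
    print(summarize(triage(SAMPLE_LINES)))
```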

#5 Xenon366


Posted 13 October 2014 - 07:41 PM

I can get that specific USB back soon so we can see if there is hidden stuff or whatnot in it that I need to clean since obviously I am afraid it might contain logs of saved passwords etc. Will reply once I have it, and what should I do after? Put it back in the computer?

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2014 02
Ran by Moose at 2014-10-13 20:27:08 Run:1
Running from C:\Users\Moose\Desktop
Loaded Profile: Moose (Available profiles: Moose)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\MountPoints2: E - E:\SETUP.EXE
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\...\MountPoints2: {edc8a2c9-1b8b-11e3-9296-806e6f6e6963} - D:\DVDSetup.exe
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 MFE_RR; \??\C:\Users\Moose\AppData\Local\Temp\mfe_rr.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
C:\Users\Moose\jagex_cl_oldschool_LIVE.dat
C:\Users\Moose\jagex_cl_runescape_LIVE.dat
C:\Users\Moose\jagex_cl_speccollect_LIVE.dat
C:\Users\Moose\random.dat
CustomCLSID: HKU\S-1-5-21-2119550377-2983991064-3718658128-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Moose\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2119550377-2983991064-3718658128-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Moose\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Folder: C:\Users\Moose\.ss2
EmptyTemp:
*****************

"HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-2119550377-2983991064-3718658128-1000" => Key not found.
"HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-2119550377-2983991064-3718658128-1000" => Key not found.
"HKU\S-1-5-21-2119550377-2983991064-3718658128-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edc8a2c9-1b8b-11e3-9296-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{edc8a2c9-1b8b-11e3-9296-806e6f6e6963}" => Key not found.
cpuz136 => Service deleted successfully.
MFE_RR => Service deleted successfully.
MSICDSetup => Service deleted successfully.
NTIOLib_1_0_C => Service deleted successfully.
C:\Users\Moose\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\Moose\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Moose\jagex_cl_speccollect_LIVE.dat => Moved successfully.
C:\Users\Moose\random.dat => Moved successfully.
"HKU\S-1-5-21-2119550377-2983991064-3718658128-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-2119550377-2983991064-3718658128-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.

========================= Folder: C:\Users\Moose\.ss2 ========================

2014-09-22 18:12 - 2014-09-22 18:12 - 0000004 _____ () C:\Users\Moose\.ss2\uid.dat
2014-09-22 18:12 - 2014-09-22 18:12 - 0000000 ____D () C:\Users\Moose\.ss2\cache
2014-09-22 18:12 - 2014-09-22 18:17 - 4075208 _____ () C:\Users\Moose\.ss2\cache\main_file_cache.dat
2014-09-22 18:12 - 2014-09-22 18:13 - 0000042 _____ () C:\Users\Moose\.ss2\cache\main_file_cache.idx0
2014-09-22 18:12 - 2014-09-22 18:12 - 0000000 _____ () C:\Users\Moose\.ss2\cache\main_file_cache.idx1
2014-09-22 18:12 - 2014-09-22 18:12 - 0000000 _____ () C:\Users\Moose\.ss2\cache\main_file_cache.idx2
2014-09-22 18:12 - 2014-09-22 18:12 - 0000000 _____ () C:\Users\Moose\.ss2\cache\main_file_cache.idx3
2014-09-22 18:12 - 2014-09-22 18:17 - 0003756 _____ () C:\Users\Moose\.ss2\cache\main_file_cache.idx4
2014-09-22 18:12 - 2014-09-22 18:12 - 0000000 ____D () C:\Users\Moose\.ss2\data
2014-09-22 18:12 - 2014-09-22 18:12 - 0000000 _____ () C:\Users\Moose\.ss2\data\extras26.txt
2014-09-22 18:12 - 2014-09-22 18:12 - 0254917 _____ () C:\Users\Moose\.ss2\data\fonts.dat
2014-09-22 18:12 - 2014-09-22 18:12 - 0000134 _____ () C:\Users\Moose\.ss2\data\fonts.idx
2014-09-22 18:12 - 2014-09-22 18:12 - 4991687 _____ () C:\Users\Moose\.ss2\data\img.dat
2014-09-22 18:12 - 2014-09-22 18:12 - 0009926 _____ () C:\Users\Moose\.ss2\data\img.idx
2014-09-22 18:12 - 2014-09-22 18:12 - 0000000 ____D () C:\Users\Moose\.ss2\working
2014-09-22 18:12 - 2014-09-22 18:13 - 0000126 _____ () C:\Users\Moose\.ss2\working\client.prop
2014-09-22 18:12 - 2014-09-22 18:15 - 0000463 _____ () C:\Users\Moose\.ss2\working\clientsettings.dat
2014-09-22 18:12 - 2014-09-22 18:12 - 0000209 _____ () C:\Users\Moose\.ss2\working\options.dat

====== End of Folder: ======

EmptyTemp: => Removed 2.4 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====



#6 Oh My!


Posted 13 October 2014 - 07:45 PM

Greetings,

We can address the USB once you get it. We will "vaccinate" your computer and USB so there can be no cross contamination when we scan the USB.

Can you tell me if the entries under Folder: C:\Users\Moose\.ss2 look familiar or make sense to you?


Gary
 

#7 Xenon366


Posted 13 October 2014 - 08:36 PM

Yes, the .ss2 seems to be related to a game client of sorts, since when I open the client settings it gives me:

  gamemode 0 zoom 3
scenegraphmem 0     trademode 0
brightness 2
lastrights 0     damagex10  false     quickuser   
rasterizermem 0
spec_short  true
quicklogin  false displaygameworld  false memmode 0     quickpass       lastlogin
1411424137700
censorchat  false pubmode 0 yellmode 0 sumorbaction -1 splitprivate  false
gameobjmem 0 musicvolume 0 soundvolume 8 clanmode 0 favworld -1 privmode 0     debugmode  false

 

I'm assuming that yes, it is for a game, not sure which...



#8 Xenon366


Posted 13 October 2014 - 09:37 PM

I have the USB, what steps should I take?



#9 Oh My!


Posted 13 October 2014 - 10:19 PM

OK, it looked like it was related to a game but I have not seen that before. Here is what we want to do with the USB.

===================================================

Panda USB Vaccine

--------------------
  • From a clean computer, please download Panda USB Vaccine and save it to your desktop
  • Double-click the icon to install the program to C:\Program Files\Panda USB Vaccine.
  • Read and accept the license agreement, then click Next.
  • When setup completes, make sure "Launch Panda USB Vaccine" is checked and click Finish to open the program.
  • Click the Vaccinate computer button. It should now show a green checkmark and confirm Computer vaccinated.
  • Hold down the Shift key and insert your external drive.
  • When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
  • Exit the program when done
  • Leave the external drive attached to your computer
Note: Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. Once USB drives have been vaccinated, they cannot be reversed except with a format, meaning you will have to manually attempt to run something from the USB device rather than it running on its own simply by inserting the device. If you need to reformat the USB device to reverse this protection be sure to back up your data files first or they will be lost during the formatting process.

===================================================

Malwarebytes Anti-Malware Free and Malwarebytes Chameleon Including External Drive

----------
  • Download Malwarebytes Anti-Malware Free and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
  • If you are notified the Database is out of date click Update Now
  • Attach any external drives you want to scan if not already attached
  • Click the Scan button near the top
  • Select Custom Scan then click Scan Now >>
  • Place a check mark in any additional drives you would like to scan
  • Click Start Scan

----------
Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
Click Start (Start, Search, All files and folders for Windows XP) then type mbam
Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com

----------

  • When completed click the down arrow on Export Log and select Text file (*.txt)
  • Save the file to your desktop as MBAM
  • Click Apply Actions then restart your computer if requested
  • Copy and paste the contents of MBAM.txt in your reply
===================================================

ESET Online Scanner Including External Drives

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Select Enable detection of potentially unwanted applications then click Start
  • Click Advanced settings
  • Select Scan for potentially unsafe applications
  • Click Change... next to Current scan targets: Operating memory, Local drives
  • Place a check mark in any additional drives you would like to scan then click OK
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 

#10 Xenon366


Posted 13 October 2014 - 11:06 PM

Used Panda USB, had MBAM and ran it, and it found nothing on the drive.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/13/2014
Scan Time: 11:56:14 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.14.02
Rootkit Database: v2014.10.11.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Moose

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 256572
Time Elapsed: 1 min, 7 sec

Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

Ran ESET and also found nothing. Also scanned whole system as well, nothing reported.

 

I'm just somewhat confused really, since I mean when I originally had the USB inserted, I went and saw what it had (it was originally from my cousin; the USB has family photos) and right when I opened the drive, I saw that slideshow thingy and a folder which quickly disappeared when MSE found out about those viruses on it. I'm just wondering if there is anything on the USB itself being hidden and containing information.

 

Hidden files I see currently:

 

A blank folder with a desktop configuration settings file that contains:

[.ShellClassInfo]
IconResource=%systemroot%\system32\SHELL32.dll,7
IconFile=%SystemRoot%\system32\SHELL32.dll
IconIndex=7

 

and an autorun config file that says "access denied" when I try opening it with Notepad, and an AUTORUN_ config file that has nothing in it.....



#11 Oh My!


Posted 14 October 2014 - 01:17 PM

Greetings,

Those 4 files are not malicious but are related to either a missing or corrupted desktop.ini file.

Panda is designed to disable the autorun feature on the USB device so the access denied is consistent with the goal of the program. Since autorun is disabled the second file is of no consequence.

The USB device appears to be clean.
Gary
 
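An added example in Python, mine rather than the thread's or Panda's code, that checks a drive root for the three artifacts the poster listed: an autorun.inf that may be unreadable, the empty AUTORUN_.INF marker, and desktop.ini files, which it sorts into icon-only ones like the quoted file and ones that deserve a closer look. The sample drives it lays out in a temp directory are constructed, and the two key lists are my own assumptions.

```python
"""Added example: check a removable-drive root for the autorun.inf / desktop.ini artifacts discussed above."""
import configparser
import os
import tempfile
from dataclasses import dataclass, field

# autorun.inf keys that launch or link to a program; icon= and label= only change appearance.
LAUNCH_KEYS = {"open", "shellexecute", "shell\\open\\command", "shell\\explore\\command"}
# desktop.ini keys that only change how a folder looks (the poster's file uses three of them); anything
# else, e.g. a CLSID that makes Explorer treat the folder as a namespace object, gets a second look.
ICON_ONLY_KEYS = {"iconresource", "iconfile", "iconindex", "infotip", "localizedresourcename"}

@dataclass
class DriveReport:
    autorun_present: bool = False
    autorun_readable: bool = False   # False also covers the "access denied" the poster saw
    autorun_launch: dict = field(default_factory=dict)
    vaccine_marker: bool = False     # AUTORUN_.INF at the root, as left by Panda USB Vaccine
    icon_only_desktop_ini: list = field(default_factory=list)
    suspicious_desktop_ini: list = field(default_factory=list)

def _read_ini(path):
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)  # Raw: "%systemroot%" is literal
    with open(path, encoding="utf-8", errors="replace") as fh:
        cp.read_file(fh)
    return cp

def _find(dirpath, name):  # case-insensitive: FAT sticks do not distinguish AUTORUN.INF from autorun.inf
    hits = [e for e in os.listdir(dirpath) if e.lower() == name.lower()]
    return os.path.join(dirpath, hits[0]) if hits else None

def inspect_drive(root):
    rep = DriveReport()
    rep.vaccine_marker = _find(root, "AUTORUN_.INF") is not None
    autorun = _find(root, "autorun.inf")
    if autorun is not None:
        rep.autorun_present = True
        try:
            cp = _read_ini(autorun)
            rep.autorun_readable = True
            if cp.has_section("autorun"):
                rep.autorun_launch = {k: v for k, v in cp.items("autorun") if k in LAUNCH_KEYS}
        except (OSError, configparser.Error):
            rep.autorun_readable = False
    for dirpath, _dirs, _files in os.walk(root):
        ini = _find(dirpath, "desktop.ini")
        if ini is None:
            continue
        try:
            cp = _read_ini(ini)
        except (OSError, configparser.Error):
            rep.suspicious_desktop_ini.append(ini)   # unreadable or malformed: do not assume benign
            continue
        keys = {k for s in cp.sections() for k, _ in cp.items(s)}
        bucket = rep.icon_only_desktop_ini if keys <= ICON_ONLY_KEYS else rep.suspicious_desktop_ini
        bucket.append(ini)
    return rep

def build_sample_drive(vaccinated):
    """Constructed sample, not a real capture: a temp dir laid out like the stick in this thread."""
    root = tempfile.mkdtemp(prefix="usb_")
    photos = os.path.join(root, "Photos")
    os.mkdir(photos)
    with open(os.path.join(photos, "desktop.ini"), "w") as fh:  # exactly the content the poster quoted
        fh.write("[.ShellClassInfo]\nIconResource=%systemroot%\\system32\\SHELL32.dll,7\n"
                 "IconFile=%SystemRoot%\\system32\\SHELL32.dll\nIconIndex=7\n")
    if vaccinated:
        open(os.path.join(root, "AUTORUN_.INF"), "w").close()  # empty marker file, as the poster found
    else:  # an open= entry pointing at an executable on the stick, the pattern MountPoints2 recorded above
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\nopen=SETUP.EXE\n")
        with open(os.path.join(root, "desktop.ini"), "w") as fh:  # placeholder GUID, not a real CLSID
            fh.write("[.ShellClassInfo]\nCLSID={00000000-0000-0000-0000-000000000000}\n")
    return root
```

Running it on a real stick means calling inspect_drive with the mounted drive root; on a vaccinated drive expect vaccine_marker to be True and, if autorun.inf is present, autorun_readable to be False.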

#12 Oh My!


Posted 17 October 2014 - 07:59 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#13 Oh My!


Posted 19 October 2014 - 08:39 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



