Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Malware,, Need extra help


  • This topic is locked This topic is locked
11 replies to this topic

#1 Madforit

Madforit

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:09:32 AM

Posted 11 October 2014 - 08:33 AM

I have been through a lot of steps with a team member and thought we had fixed the problem until today when the problem unfortunately re-surfaced, As far as I know it's not harmful, But it sure is annoying,

 

Here is a link to what has been done already,,I haven't copied and pasted it as there has been quite a lot of it and they suggested that I should post a DDS log if the problem wasn't resolved, So here it is. http://www.bleepingcomputer.com/forums/t/550869/helpi-need-to-find-and-remove-an-annoying-problem/

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635
Run by Steve at 14:29:34 on 2014-10-11
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.3070.1587 [GMT 1:00]
.
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\WinService.exe
C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
E:\Program Files\Shot Online\ShotOnline\ShotOnline.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uProxyServer = hxxp=127.0.0.1:13813;https=127.0.0.1:13813
uProxyOverride = <local>
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
mWinlogon: Userinit = userinit.exe,
BHO: Easy DJ Software Support: {2AE7471D-5150-48CF-8498-4CB9E8FAEA90} - C:\Program Files (x86)\Product Support\1.0.0.0\Product Support.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
dRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
mPolicies-System: DisableStartupSound = dword:1
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1513E6FA-7394-4D2A-AA50-C23F0634E982} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{6BC596E4-ECAC-4F43-9F5C-26CA23E51220} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{6BC596E4-ECAC-4F43-9F5C-26CA23E51220}\35475667F6723702E4564777F627B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9F998F10-1B45-42DC-97B3-8DCB3B985DD7} : DHCPNameServer = 8.8.8.8 8.8.4.4
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Users\Steve\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Steve\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Steve\AppData\Roaming\ACEStream\player\npace_plugin.dll
FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1204144.dll
FF - plugin: C:\Windows\System32\npDeployJava1.dll
FF - plugin: C:\Windows\System32\npmproxy.dll
FF - plugin: C:\Windows\System32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\npOGPPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2011-12-7 25312]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-12-11 279616]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2012-1-4 26624]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-12 172344]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-8-30 239616]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2014-3-5 98304]
R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2014-3-5 3735552]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe [2009-8-31 1821184]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-1-7 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-8 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-8 860472]
R2 OpenVPNAccessClient;OpenVPN Access Client;C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-8-12 24064]
R2 SCM_Service;SCM_Service;C:\Windows\SysWOW64\WinService.exe [2011-12-7 186848]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [2014-8-3 741640]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-4-7 5093216]
R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [2012-1-4 167936]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-9-15 46136]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2012-1-4 1924096]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2007-5-11 1361952]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-11 50208]
R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2007-5-11 3612704]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-7-8 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-8 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-8 63704]
R3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2010-8-3 30720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update --> C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [?]
S3 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService --> C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe  [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-8-3 110336]
S3 EyeOneDisplay;EyeOneDisplay;C:\Windows\System32\drivers\i1display_x64.sys [2012-12-18 7808]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 PSSDK42;PSSDK42;C:\Windows\System32\drivers\pssdk42.sys [2013-5-10 53312]
S3 PSSDKLBF;PSSDKLBF;C:\Windows\System32\drivers\pssdklbf.sys [2013-5-10 65600]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-9 19456]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\System32\drivers\wg111v2.sys [2011-12-7 450048]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2014-8-16 155824]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-8-3 206080]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-6-21 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-9 57856]
S3 vvftav302;vvftav302;C:\Windows\System32\drivers\vvftav302.sys [2007-3-18 301824]
S4 Golf Server;Golf Server;C:\Golf\Server\golf_srv.exe [1999-1-5 232448]
S4 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [2012-1-4 954368]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-10-08 20:21:14 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2014-10-08 20:21:14 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2014-10-08 20:17:00 0 ----a-w- C:\Windows\SysWow64\RENBD93.tmp
2014-10-08 20:17:00 0 ----a-w- C:\Windows\SysWow64\RENBD92.tmp
2014-10-08 20:17:00 0 ----a-w- C:\Windows\SysWow64\RENBD91.tmp
2014-10-06 13:54:57 -------- d-----w- C:\Windows\ERUNT
2014-10-06 13:47:37 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-10-06 13:46:12 -------- d-----w- C:\AdwCleaner
.
==================== Find3M  ====================
.
2014-10-10 17:10:44 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-29 11:24:32 122584 ----a-w- C:\Windows\System32\drivers\48230029.sys
2009-12-06 17:18:14 26624 --sh--w- C:\Windows\bfcs2.dll
2013-10-08 21:23:56 143208 --sh--w- C:\Windows\hcsd.exe
.
============= FINISH: 14:31:18.04 ===============
 
 
I look forward to hearing from you in the near future and here is my thanks in advance for anything you help me with.

Edited by Madforit, 12 October 2014 - 07:43 AM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:32 AM

Posted 14 October 2014 - 08:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:09:32 AM

Posted 15 October 2014 - 12:38 PM

# AdwCleaner v4.000 - Report created 15/10/2014 at 18:29:51
# DB v2014-10-15.7
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Steve - STEVE-PC
# Running from : C:\Users\Steve\Desktop\adwcleaner_4.000.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : RunAsStdUser Task
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
 
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
 
[lr3pxfeo.default] - Line Deleted : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
 
-\\ Google Chrome v
 
 
*************************
 
AdwCleaner[R2].txt - [13712 octets] - [06/10/2014 14:46:15]
AdwCleaner[R3].txt - [1234 octets] - [15/10/2014 18:26:43]
AdwCleaner[S1].txt - [13947 octets] - [06/10/2014 14:48:51]
AdwCleaner[S2].txt - [1087 octets] - [15/10/2014 18:29:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1147 octets] ##########
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014 01
Ran by Steve (administrator) on STEVE-PC on 15-10-2014 18:35:53
Running from C:\Users\Steve\Desktop
Loaded Profile: Steve (Available profiles: Steve)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(UASSOFT.COM) C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\WinService.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Policies\Explorer: [3212083974] 0x504B0304C239B7F8068374BFB511000000400000E269F63D73594F6202C9694280CC96A28BBD63516FE3C2D5F7A2FF87AC3A990C3EC3B2ED7B07716237A0DFB1DFB651F67E31CB2E7649F98D5E55E9B25B1A579794989B176C357BDCC11226BD6ECB7DE8A63EA2165F6B31EAD6B0A2A96A6E9D04B9B39F194EF52D48B088D4B6597F685A70FF6912914F86D8235681747DA26CFD83223D3D248872C51095484634EBF976E4595F734BD35CAF42B38DCF9E878AF0BE0A5E84B22940F721E8BBCDCBAA3E53607359252DB16C0D6C38A142261BB4896D12A48C006CC3C21FDF717C155B2AF0375D2545EE286C2AECB2955206EF25C82DC686F7EB83BB3072E94E1E59254B11A2E3628E1D98E177375B54E682A1C77F986E1907FFCB784ACCACB124189751D7EBBAFC91D3A127F134A85E27F8C201D9082F621F5FFFAC09D2AAB94A62F90BD74D6C96A8DB6D42E4E98316449D202A4E24857673E2A50B7DFD9D5AF72A21A19A922ACC9675BA933A1C6AD4E0A11470FBB82EED7A79C5CA2DBB0BEC5B2B43BAA37373D3EF494726D7CF4A4AA8A3D6A5C206CED49148C0100BFA96B707BE91B855151D8DA8E0723DD1303325011B3951C9DF7B10E9B153BCED98376C4D7517F2E0E23A986914B2B0F978454441C47B5797D924CE9CD186D74D308099EE52F226E92DE6B50E4A0691F75CFA9CE733494B8CAFAEB4BE4C65F6C9DFFA34A3C2ED9D14F5844164BE79B7A90495290350177B03AEFA777FF519B624E3C75C219260AC447BBA9A6DB56F34B340A5F75837FAB3C33831A3BC39C2914AEB87A39545BD7ED52450EB7E94D5380E2BABCE3F8EE6E3CDC9D4ED54D9889D9DBD0DC879CAA2B121048A308A7F873252DAD24EA8F8911EA0A3B202DE930A9FC882CF1349FFE229016B2EBFD7821B8986D31DECCBC296BA54FD6D864C915F1D77AC0734D96FE0BA43A669FAB128026C7F90E9E1E0A7047F5A2378E4DE0966EB6C217B3483194B2B21A3FA8A1CBEF1D66A3FC8A5C863BCEA6157981A11449BAE3357F3287501CB9C24E0AFB156F5DDFD6855CD8B7B43FEABD9412C1C208B5DE2330C469A59DE5B490CC06BFD5A4900CB121EB967BC7185A9F00112A5B1E8D8028CA02B0F2B194AF03CC1E172B70C9B88643E3C064B5406CF184AD9EBA26736EF6FEB30DAC8BA400933A32A3C03230BD732FCBE16C4B3BDCC0B501616CE956D968B8DA68B4A9A64238601E81E78095961580431361A4DD9FE963D3CEBA5C21BBA416C1CC9D94BB842C25B2FD12C8BF42C35948272965A3FECF6E9B92D32D7E84A402A0B6214A412A23427E4852CE607FD9F7FF8559BBB96A9AE577DF0C19D108587D372470BE0D3E27ED61FEB442C2D65E55BAC81C2786CF6B837EEBC1B5AF35634B29FD5D96347B5F9C747C8A9A83E7CB3C188D9042F08FBD4EDEEBD65DE7C04B275B7FD74067A0AE3033752AA55A45A05355811416EA4A5101511E99305B700BD44742CBD6A9272B5CF4001505C4057866B57E4DE5EF0EE9F88B41986A80119C962594972011FC0C39B4A74B74747F5116D896A0EBCBB4387685672899AF54B80AE07008971EA1C997A898E33AAB769E4E52FBBEC97EBF199CE76454BADBD4EAB272F1D1CAABB3B49B3AAFC1E67D09EE8FEB0580E414EB45F3F0C25FE88872312FEC2341E7A6100B2E04ED25FCE13A146098DCE98446B2F3875ECB269A886795698619D337DA612F19BF8D4FE3028E79A26548128D1595AF0BF98FF320DC73D873F05EBD07C87CAE28DF067C00DE3E53CC77E801E1304192CA7BF78AB28DB40564328A108F9F0DDD8E1B0BAECCF16BF1DEB3CC5C4B5F5140F6B8A256E9128C203418AA3D93E3F08078977667DC02D830BB6869DE92F29A65AC6D2689D0A5A90887A8643119DC9A68B5B00BD59D45DA9D7ED5DAE6EE6DA6119243F77F51B263200F90ABBB61CCE9A951781EA2012A2C8D7200906439B08E7E76CF9C9536B2E6B560AFD7CBAA5044791EE17DED45ADFD9D359DAC0A9F4ED15BF2CB2EA9B12B7CB11B597CF2E6E750A6C636FE2C4B144F6FF43CCFFDDAE787BE160B0A8B4282B35A6AEECE165814E95CE7ADBE416EF4E51860CB4F5D50AF2A86AA4EE602A30AA54850E0CB4A38DC3A1C711B5D03B6A53EE102AC68E553D11E5FB3D0A8E0EF34266263CA4A3E0B76C55A92F75F921CD61A5363E5DB7737874D57C653D63457260B67B1DF330827B2921C29FDA0045BBE7404E40985039F7DB153F52B2C941A56E922DCFB60B89DBEE327ED6F5C1E438270F766A6ED1730FC581A4AEBCFE3B7726B27D6B092CF5A0B6954196CB4CC2788B8722338EE189D9E22692595F0D5B333B0F715CB8D94A08AFB631DBB1BE79A773E8F1A4EAF7220C24222DDA431B91D9175DFA0C6AE81E8C4C879D64446CF56FAEFE1487CA6739A776AEE42EF8BE40A612F95CDE3B1FEEAC1E1E41A24C92ED8B0152E247239E5A8BC903679CA8C7B94659AD5B1D10551F460D924FB60882FC90508C3723420F86F4CF100387E808133CC429883C0E3ACE91651C075CD19D106E0B437B0363048CA1FEAAF929B87AED90AFDE281EDCA0FA0CC7B5A7F03807FA5AC41B1ED73130EAC1117C631C1818142F24D420F6776CB53D4D0326B9FC3008C3CA03FC649D87D37FA617B74F2865C75298BED54B7D8DC676E2210374D8BF194AE2FEDA62B4798933C764CCDDF845330721FC21E68C0695CA73285103E22AE68DA440326DFEF9A80D17D0A7C3F920E7B0AA806EE9B7549ED9878B6CFB505AC69E8E8D3CFA718675764CFB03861D32AFAAE1D918BE87F6A9AC0D815C57AD3E167D642F5FCDDC25D4BA3AC3E67C26A4DEAA17797B3C0654F271EAAA442A71CBE19372ADCBDE3DF8B3FE491E5A76A79D1291A0DE317FFBF927F42782FA48270F2C969563B183A4B0112F3497DD3C2A423EC83498BDBAAC928910A9FB7FE5788E454C027A28F4A91AF2BF09E261F85B0EEE4F7929E63C4062496CB09534BB6D03FF69ED2915D0EA215B4FB3D1044E86EB87DFB4898BCBD50E5C4DDFBDB83B9410E1ADF91446C43C959E0E341D67A5A7EF8712586DE3B8B9C5B6F80F42F235BF68900EBFE6304BB0D9F67408B76201EC26180B4BD76500DE4F0DF86DF4A063AECECCA69DDF8A162B67A4B9800FA7570D5B551AC2703ADC0FFCED00650A96CD81EC4187B90C6B2140CE99C1937C40587EA72899897E628115BCAB73B3D9F425860B109A67347B8A121F65D0968D56A3DDE6B8171CEA61B08AE568B9D03C398977CE86F75055230EF370CABF67C9CF97C3223719555403F3E0BD2AF0E1E8742DECB05FADB0227F15D40EE2D6DC5A49FE1E6BC9E6CEDDE74294C3BB6FD5C5FEDFAD672DF1DFFD219BD8BC1EC39158EAB507998755F553441D01CD26A5501F6FB2DB4F3597510F85B93A542514C8013EEDBBFC913DCCE8B20A5759665BDFD9919EB22A89163D8656386D857C5BFC7C241C1D726CD94AB0F92D5B0FEFCF1D4ABDD26FBC6C17A4CCACF2D31E5E713059DE93C59D3B8D3E8D03B5D663F9DFADB03E093CB84FCF500A1F0E2E5BA1C9D81DB12CC799C6539AF0CC35682D95CB789C745A452BD8B38E6CF08E0579DA1AB43AD0858D0305F961B15A79C1090F4867040EA2BD36CF6512AAB44CE5A1098EFE039134F23BF057777FEF3E68E45827B0487924CAD4E5F0B1C3B4F5A0E3853B39640EB0782D78888FE92C3B68624E84FF6A5EDED87BE62D34CE858F34E5FFFBBA75F014DF0F648988B51A72DE1FF54D5C7A4B8ECB10C5E9EF51DE98C01EF8C406F9824A0C15A29E16B5A53E3643B0065A4263ECAE50D2CB976D3D2EA6255A65F1C6CC86167F1784A27B832037DB4CE1E262475334F3B2430F86C7A24456EEA82AB678ABA91BB4C0CC82C877B80B6D3574007257272C3E126C17A8B36AA8AA9431FF01BF658F82D8153EDDEA6804CDC564A3F5E9967B08FEEB823D3DB9356A4ACDD80E883CA58A1C661D01D145F80A3AB67E8036C0BAE1BB7BC43204EB0CF38214BC74A9AEF036A31D5A9C552D93A25C0E84057BCE5437B1634680D04A77472D631432D2BAA7A3ACD64220EFCF9E7848F8FD9801BEF7561A470A1822032160EB59EDC0F977882DCE4FB2872D89D27FF076DBA74A9672F86909956579C28853FA8DE7002CC8458D09256D42A39F1A4BDB6B56D36D51488E7368686E54C1BBBFFF48884E0D536BE362E59BD7F18329A4B82AED396E4F92865F594D0DA38F7CACE7A4603AF60C1A53BDFD19476094AAC6E4A8F31FC1257D48D03BB0EF515D8460B9441532C8B5043D0531D5881ADB6D997BB184FD8CAF4D8E6C759C3F7143B9E32BC7A0EC6234B68ADF4111CA1D136721438E5E6D7125D480CE982D84AEA7703B4010CD27867D6DDC5E0C970385196F020E48EDDB24C56972F9E61E6CC29C1712551583828F899534AACFFFC66F99999EA2BA2731D52A7FD2FA262A22B075DA52A5AA58F5B41AA9CDC9181406717F3F75E7C475090121966838125236E4DC6291AE3874968E8208B983AADB03CA60ACD935E6DA1B829407F70A77340E4439F22FDC2FC4218DE0F25D2F886C0AAEB693C2B23DB0EAB9953BF806C2173E0BC9D0D7EF0E763775BC1432FF48D6035B1214294C81B71CD98C42831014090CD99CB74929AE853F88132E559104D4FEA98AD40F17DA4100A909A6981BAD9EFB240A79520927AA12232A56F4D8893BFF92BFC2BD42CF3DC09BDC484DFDBA3A10C609186104CE33E3024F44000BE34814FF5DC9872D44B4157FB3A6655B985F6CC5EF4586F2ABFEE12DCBDB90181B396F95FE3213F094D1F3DD3D7FED800F4ED21290F613B62048E0FC1F1328D9F87A5653B489D36F727BE9D755523DEF0472F1C1D5AC90EE665379FF39D06E863C244890F5333A0B89B92022C1A8198029FE5F8C203B3DD211D4398958EE190108DD50B7850E20D8ABE2B927D53D28F3B8CA26BE81BC6B83C0E2B3B1DDA28066C63860CEA89DF82708EF21D4D36B84663E87B4385A3E37BD3FF1EB2BF64184C44723490669AF4DA092D45BA21A569A352E513D9A9B43E9CD4B812055822626EFC55F950009232B8B3BB2D63D44A8B0BD9BD4E84C5A724496A2326F63C97DBCB235366EC0CF6096B5F4988D073C34BD3A084130CEA8D6EE22E542B411C1E18599667B3FD6DDE0669AD82C85A1C10CA5862213CB1BB277E6C4F6564F20A9BCEA1B48170504C47235D78ED0A0441987C8C17D90D7B56CF487C46733BA4A6848FEC42B97CE4048F3C6D9C493322F052EF93F02F142B3940A10921BD15C911E7A97AA4A20DC383C62CD288D252BA937B3F60761E6653568A01241BB573664DE04811CF3F59B4C2D7E8A6C55DA16F468383456AA751697697397C2A5E5ABFA0F1099D80447D49DA509AA1347F3943EE9BAA1FDAD2A0E69410B34253AD4991282D0E952260F52AB9F02A3D00B37098CF60354424F862066E45E92AC475C99A00E7380766E589ABF66271619142795CF7A7FBD138A6CC5BD7E135122341D1F06EB5B436C59BE0ADEDC71BC03D7C63C16751AD56C69E36DECFE9E8214C719FCDF2E9FE2DC971F03C1C2AD6B6D368FE8B11D0389650C73D1C7E73708145FA05992A150E6A909656EA786E244BDF1CD71F4B0FD05B1335D703182FFA9D96C99108297B1FE327A83BF4F69D2A9C3D1EB73A9DD8CEE2B3220904AC31011FD6407A5BA427FACB46227FDEDB13D1CA6443DED3DC3B6CF06A59DC9B9226FBF357334ABF58412605FD206E7B6125FA19E5D68F75783FA08205B05C0A12D1830068317F6105958C4EB37BCB1BEAE6A401C267641AA58274A410D76B4D2A03E418020869B6886BB81964761B3FCD8EA68050AD6CFF99649CDE8FA53F04B0C96E271C0B092E24D81EA2D723775799E713EA9DA6967EF57AAAFE1C6732F2F047556027F021C65FC20C1C3BCB392ACF8FF7A9E14D9728A5AAACD255FC3866B041E9C96DCF592083D78C9E405DDD7991D2E2536D2EB1BA0F0ECE3DFB6A34C2665CFAC2D1850FD478F617FDD4E9DD4492C553BD375CFD33F4744D642006F3A5216A1FF7D73643ED751CAECDFDCB56247AA2F66FBCB8315DAAA86006A99E0350A72D5D5260D6BB77AC53CDD7ABACB859586C279B7FACDF076C922AC27F3E907FB3B4EC977CA634A28DF064162165222DCCE674DAB60A4E9D48E7FCEA267ABB1F8E0A2012AA6DB532A4CE74FBAF583E2C292FA1B56BE585D14EE073CDAFE3FC0C19050E698EC41B9D27F5DB41A779208118A5D3F8F74333B2AD2FE3CEE273BBFEA485EAD817EFFEDF1260C1A125070589B6F0F31984ED498CBD273E84A718F54C82CBC2747E678F8437DDE23C9EA3C877823034B7C70731C2D01CC09D11D3364E7945B6480B9B416ACB54CD1194B46C6D2E147619AC1C1FA915AF80A5098647247EBCF0449634F69C96AFC740BCE61993228183D98D0F85406D8FFD934
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-06] (SUPERAntiSpyware)
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: J - J:\AutoInst.exe
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: K - K:\AutoInst.exe
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: N - N:\AutoInst.exe
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: {3040d83c-241e-11e1-8999-001fc65bac4e} - I:\SETUP.EXE
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: {48014940-e00f-11e1-929c-db24f4345e8c} - J:\AutoRun.exe
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: {48014bf6-e00f-11e1-929c-db24f4345e8c} - H:\setup.exe
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: {81bbfb19-95a4-11e3-bb16-8a2aece648f5} - K:\Startme.exe
HKU\S-1-5-21-1172466162-1326600968-4123945386-1000\...\MountPoints2: {8b167451-5293-11e1-86cf-806e6f6e6963} - J:\AutoRun.exe
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
ShellIconOverlayIdentifiers: [1CryptoProviderIcons] -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} => C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * Ꮪ窘W阀rundll32.exeuhgpXjDᏝ窘W退SYSTEM\bdnativemerᏐ窘W退湩彴潒汬慢正瑉浥即捵散獳畦l var="Ꮣ窘W退桔敲摡湉潦祔数呟牨慥䥤㉤ijEL7qzᏖ窘W退湩彴潒汬慢正瑉浥䙳楡敬du8hU." vᏉ窘W錀畍瑬卩牴湩彧潂瑯硅捥瑵䭥祥1ZrV9cᏌ窘W蠀autocheck autochk * Ꮟ窘W踀Ꮪ窘W阀rundll32.exeLKvᏂ窘W耀 ǃ
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=127.0.0.1:13813;https=127.0.0.1:13813
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC0D068A5E5CFCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Easy DJ Software Support -> {2AE7471D-5150-48CF-8498-4CB9E8FAEA90} -> C:\Program Files (x86)\Product Support\1.0.0.0\Product Support.dll (Download Manager)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.2.4.1-next -> C:\Users\Steve\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Steve\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: GFACE Experience Plugin - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\cryenginebrowserplugin@crytek.com [2013-12-14]
FF Extension: ShoppingChip - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\gxf_dtwq@kvxhptrtc.co.uk [2013-12-14]
FF Extension: SNT - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\yuaeat0g-z@oy-eoyjaao.co.uk [2014-03-16]
FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\fbp@fbpurity.com.xpi [2012-03-08]
FF Extension: leethax.net extension - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\leethax@leethax.net.xpi [2013-07-03]
FF Extension: Easy DJ Software Support - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\{0C20151A-BA46-4482-9207-6E3300577539}.xpi [2014-01-25]
FF Extension: Nuke Anything Enhanced - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}.xpi [2012-03-08]
FF Extension: Adblock Edge - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2012-10-16]
FF Extension: z - C:\Program Files (x86)\Mozilla Firefox\extensions\{e0840974-73d4-c17d-37a7-b69bcfd8d2f5} [2014-09-25]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-01]
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\Steve\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\Steve\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2014-06-01]
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> http://www.google.com/search?q={searchTerms}
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Adblock Plus) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-03]
CHR Extension: (Adblock for Youtube™) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-09-03]
CHR Extension: (AdBlock) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-03]
CHR Extension: (Hide My AdBlocker) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihcngphjjankfngmgdkihhngndcdflc [2014-09-03]
CHR Extension: (Google Wallet) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-02]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-09-02]
CHR HKCU\...\Chrome\Extension: [kpckgflgdapkpabemgkielbefdildaio] - C:\Users\Steve\AppData\Roaming\ACEStream\extensions\chrome_new\magicplayer.crx [2014-01-28]
CHR HKCU\...\Chrome\Extension: [oeflloaldpdfnbhbafhgdnjmcfbeekbe] - C:\Users\Steve\AppData\Local\CRE\oeflloaldpdfnbhbafhgdnjmcfbeekbe.crx [2014-01-28]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]
CHR HKLM-x32\...\Chrome\Extension: [oeflloaldpdfnbhbafhgdnjmcfbeekbe] - C:\Users\Steve\AppData\Local\CRE\oeflloaldpdfnbhbafhgdnjmcfbeekbe.crx [2013-02-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R2 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
S4 Golf Server; c:\golf\server\golf_srv.exe [232448 2013-03-17] () [File not signed]
S4 jswpsapi; C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [954368 2009-11-05] (Atheros Communications, Inc.) [File not signed]
R2 KMWDSERVICE; C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe [1821184 2009-08-31] (UASSOFT.COM) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5206008 2013-08-26] (INCA Internet Co., Ltd.) [File not signed]
R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-30] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SCM_Service; C:\Windows\SysWOW64\WinService.exe [186848 2010-05-10] ()
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 WDCS_WNDA3200; C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [167936 2010-06-23] () [File not signed]
S3 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [X]
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
S2 Aspi32; C:\Windows\SysWOW64\drivers\aspi32.sys [16877 2002-07-17] (Adaptec) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-11] (DT Soft Ltd)
S3 EyeOneDisplay; C:\Windows\System32\Drivers\i1display_x64.sys [7808 2005-12-14] (GretagMacbeth LLC)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2013-05-10] (microOLAP Technologies LTD)
S3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [450048 2010-04-06] (NETGEAR Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
S3 vvftav302; C:\Windows\System32\drivers\vvftav302.sys [301824 2007-03-18] (Vimicro Corporation)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM302.sys [1495936 2007-04-04] (Vimicro Corporation)
S2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 ATICDSDr; \??\C:\Users\Steve\AppData\Local\Temp\ATICDSDr.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 LMIInfo; \??\D:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S2 PDIHWCTL; \??\C:\Windows\system32\drivers\pdihwctl.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-15 18:35 - 2014-10-15 18:36 - 00028937 _____ () C:\Users\Steve\Desktop\FRST.txt
2014-10-15 18:35 - 2014-10-15 18:35 - 00000000 ____D () C:\FRST
2014-10-15 18:34 - 2014-10-15 18:34 - 02110976 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2014-10-15 18:25 - 2014-10-15 18:25 - 01976320 _____ () C:\Users\Steve\Desktop\adwcleaner_4.000.exe
2014-10-15 00:58 - 2014-10-15 00:58 - 00010808 _____ () C:\Users\Steve\Downloads\GTG IPs.txt
2014-10-13 19:01 - 2014-10-13 19:01 - 00000647 _____ () C:\Racing Rivals email.txt
2014-10-11 14:31 - 2014-10-11 14:31 - 00014436 _____ () C:\Users\Steve\Desktop\dds.txt
2014-10-11 14:31 - 2014-10-11 14:31 - 00008444 _____ () C:\Users\Steve\Desktop\attach.txt
2014-10-11 14:29 - 2014-10-11 14:29 - 00688992 ____R (Swearware) C:\Users\Steve\Downloads\dds.com
2014-10-10 11:40 - 2014-10-15 18:32 - 00002178 _____ () C:\Windows\PFRO.log
2014-10-10 11:40 - 2014-10-15 18:32 - 00000224 _____ () C:\Windows\setupact.log
2014-10-10 11:40 - 2014-10-10 11:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-08 21:21 - 2012-07-05 22:06 - 00772544 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2014-10-08 21:21 - 2012-07-05 22:06 - 00687544 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-10-08 21:17 - 2014-10-08 21:17 - 00000000 _____ () C:\Windows\SysWOW64\RENBD93.tmp
2014-10-08 21:17 - 2014-10-08 21:17 - 00000000 _____ () C:\Windows\SysWOW64\RENBD92.tmp
2014-10-08 21:17 - 2014-10-08 21:17 - 00000000 _____ () C:\Windows\SysWOW64\RENBD91.tmp
2014-10-08 15:14 - 2014-10-08 15:14 - 00015688 _____ () C:\Users\Steve\Documents\install.txt
2014-10-08 01:41 - 2014-10-08 01:41 - 02347384 _____ (ESET) C:\Users\Steve\Downloads\esetsmartinstaller_enu (1).exe
2014-10-06 15:06 - 2014-10-06 15:06 - 02347384 _____ (ESET) C:\Users\Steve\Downloads\esetsmartinstaller_enu.exe
2014-10-06 15:03 - 2014-10-06 15:03 - 00007015 _____ () C:\Users\Steve\Desktop\JRT.txt
2014-10-06 14:54 - 2014-10-06 14:54 - 01705141 _____ (Thisisu) C:\Users\Steve\Downloads\JRT.exe
2014-10-06 14:54 - 2014-10-06 14:54 - 01705141 _____ (Thisisu) C:\Users\Steve\Desktop\JRT.exe
2014-10-06 14:54 - 2014-10-06 14:54 - 00000000 ____D () C:\Windows\ERUNT
2014-10-06 14:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-06 14:46 - 2014-10-15 18:29 - 00000000 ____D () C:\AdwCleaner
2014-10-06 14:45 - 2014-10-06 14:45 - 01375089 _____ () C:\Users\Steve\Downloads\AdwCleaner.exe
2014-09-25 18:04 - 2014-09-30 13:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 14:34 - 2014-09-25 14:34 - 00019674 _____ () C:\Users\Steve\Downloads\Akon-Freedom-2008-[NoFS].4535952.TPB.torrent
2014-09-23 13:06 - 2014-09-23 13:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-09-21 14:12 - 2014-09-21 14:12 - 00000180 _____ () C:\Users\Steve\Downloads\index.m3u8
2014-09-17 19:57 - 2014-09-17 20:09 - 226114442 _____ () C:\Users\Steve\Downloads\PP Promo Records & Bands Worldwide - Making A Scene 2014 Second Edition.zip
2014-09-17 19:57 - 2014-09-17 20:03 - 141695554 _____ () C:\Users\Steve\Downloads\Djs United - Djs United Vol 1.zip
2014-09-17 19:56 - 2014-09-17 20:08 - 259682017 _____ () C:\Users\Steve\Downloads\PP Promo Records - Making A Scene 2014 First Edition.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-15 18:35 - 2014-07-08 08:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-15 18:34 - 2012-01-27 22:12 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-15 18:34 - 2012-01-04 13:57 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000UA.job
2014-10-15 18:32 - 2011-12-13 14:34 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-10-15 18:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-15 18:21 - 2014-03-26 15:46 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000UA1cf4902335f4e80.job
2014-10-15 13:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-15 13:19 - 2012-01-04 13:57 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000Core.job
2014-10-15 12:10 - 2014-03-26 15:46 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000Core1cf49022f53b150.job
2014-10-13 10:40 - 2009-07-14 05:45 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-13 10:40 - 2009-07-14 05:45 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-12 16:05 - 2011-12-08 18:05 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\vlc
2014-10-09 21:03 - 2012-11-06 17:09 - 00000000 ____D () C:\ProgramData\firebird
2014-10-09 19:25 - 2014-08-04 12:33 - 00000000 ____D () C:\Users\Steve\Desktop\Rob
2014-10-08 22:34 - 2012-03-09 05:24 - 00000000 ____D () C:\Users\Steve\AppData\Local\Facebook
2014-10-08 21:17 - 2012-02-27 21:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-08 21:16 - 2012-10-15 12:26 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-08 21:13 - 2012-01-04 13:57 - 00000000 ____D () C:\Users\Steve\AppData\Local\Google
2014-10-08 21:13 - 2011-12-07 20:47 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Mozilla
2014-10-08 13:06 - 2011-12-08 17:09 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\uTorrent
2014-10-06 14:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-10-06 11:48 - 2012-02-27 21:43 - 00000000 ____D () C:\Users\Steve\Documents\My Received Files
2014-10-05 13:06 - 2013-09-08 11:33 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\.ACEStream
2014-09-30 12:53 - 2011-12-08 00:29 - 00007613 _____ () C:\Users\Steve\AppData\Local\Resmon.ResmonCfg
2014-09-29 12:24 - 2014-07-18 10:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-09-24 22:27 - 2014-05-19 15:09 - 00002372 _____ () C:\Users\Steve\Desktop\Google Chrome.lnk
2014-09-21 23:30 - 2013-09-09 00:35 - 00000000 ___HD () C:\_acestream_cache_
2014-09-20 14:23 - 2014-06-05 17:34 - 00000000 ____D () C:\Program Files (x86)\Flvto Youtube Downloader
2014-09-17 12:49 - 2013-12-17 00:15 - 00002124 _____ () C:\Users\Public\Desktop\Flvto Youtube Downloader.lnk
 
Some content of TEMP:
====================
C:\Users\Steve\AppData\Local\Temp\Quarantine.exe
C:\Users\Steve\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-06 10:57
 
==================== End Of Log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2014 01
Ran by Steve at 2014-10-15 18:37:12
Running from C:\Users\Steve\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Ace Stream Media 2.2.4.1-next (HKCU\...\AceStream) (Version: 2.2.4.1-next - Ace Stream Media)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Alliance of Valiant Arms (HKLM-x32\...\Alliance of Valiant Arms) (Version:  - )
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1E9871B6-7C44-9A3A-A1C0-F9729663C7F5}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80830.1925 - Advanced Micro Devices, Inc.) Hidden
Any Audio Converter 4.0.2 (HKLM-x32\...\Any Audio Converter_is1) (Version:  - Any-Audio-Converter.com)
AnyTrans 3.7.3 (HKLM-x32\...\{E580ED1F-AAF8-4F7E-B174-54BFA2B94E0B}}_is1) (Version: 3.7.3 - iMobie Inc.)
ATI AVIVO64 Codecs (Version: 10.10.0.41001 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.745.0 - ATI Technologies) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
DeepBurner v1.9.0.228 (HKLM-x32\...\{2ADE2157-7A5E-122C-B51D-EB8A01B15943}) (Version:  - )
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
ffdshow [rev 2202] [2008-10-10] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Firebird 2.5.0.26074 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version: 2.5.0.26074 - Firebird Project)
FLAC to MP3 Converter 6.1.9 (HKLM-x32\...\DD4F47DF-6540-4BDA-BEAD-2B19250B0C48_is1) (Version:  - Accmeware Corporation)
Flvto Youtube Downloader (HKLM-x32\...\Flvto Youtube Downloader) (Version: 0.3.6 - Hotger)
FMRTE (HKLM-x32\...\{0D67FBBE-3F68-4B0B-9647-8F3DE93593AE}) (Version: 5.0.2 - BraCa Soft)
FMRTE 5.2.4 (HKLM\...\{63486834-B10B-4DD4-8216-C8D66A157D7E}_is1) (Version: 5.2.4 - Raul Bravo)
Free Burn MP3-CD v1.2 (HKLM-x32\...\Free Burn MP3-CD_is1) (Version: 1.2 - www.nbxsoft.com)
GamersFirst LIVE! (HKCU\...\GamersFirst LIVE!) (Version:  - GamersFirst)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HydraVision (x32 Version: 4.2.114.0 - ATI Technologies Inc.) Hidden
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
M4A to MP3 Converter (HKLM-x32\...\{729E66B3-1B80-4F3F-8D19-342A89631E0A}_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft Works (HKLM-x32\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.22 - mIRC Co. Ltd.)
Mobile Master Copy Station (x32 Version: 8.9.3 - Jumping Bytes) Hidden
Mobile Master Copy Station 8.9.3 (HKLM-x32\...\Mobile Master Copy Station) (Version: 8.9.3 - Jumping Bytes)
Mouse Driver (HKLM-x32\...\InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}) (Version: 5.1 - Driver Builder)
Mouse Driver (x32 Version: 5.1 - Driver Builder) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Need for Speed™ Hot Pursuit (HKLM-x32\...\{83A606F5-BF6F-42ED-9F33-B9F74297CDED}) (Version: 1.0.0.0 - Electronic Arts)
NETGEAR WG111v2 wireless USB 2.0 adapter (HKLM-x32\...\{4102037D-E8E0-48E0-B203-E521D194FB71}) (Version: 1.0.0.133 - NETGEAR)
NETGEAR WNDA3200 wireless adapter Setup (HKLM-x32\...\{9B02F55E-7E6B-4226-8E67-76514D33FD41}_is1) (Version: 1.0.0.11 - NETGEAR)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.6 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN Client (HKLM-x32\...\{072A5217-8165-4AB7-8366-36CB3245DB60}) (Version: 1.5.6 - OpenVPN Technologies)
Opti Drive Control 1.70 (HKLM-x32\...\{80157B54-DB3E-4EE9-8AD8-63A905765FF4}_is1) (Version:  - Erik Deppe)
PC Connectivity Solution (HKLM-x32\...\{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}) (Version: 8.47.7.0 - Nokia)
PDF Reader (HKCU\...\PDF Reader) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PeerBlock 1.1+ (r691) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.691 - PeerBlock, LLC)
Popcorn4TV version 1.0 (HKLM-x32\...\{FA0CD53E-825A-48F4-9AAC-D3E6B718EAC8}_is1) (Version: 1.0 - Popcorn4TV)
Product Support (HKLM-x32\...\test) (Version: {VERSION} - Product Support)
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
qBittorrent 3.0.9 (HKLM-x32\...\qbittorrent) (Version: 3.0.9 - Christophe Dumez)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
SAM Broadcaster (remove only) (HKLM-x32\...\SAM3) (Version:  - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SamsungConnectivityCableDriver (HKLM-x32\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
ShotOnline (HKLM-x32\...\ShotOnline) (Version: 1.0 - GamesCampus)
Slice Audio File Splitter (HKLM-x32\...\Slice) (Version:  - NCH Software)
Sniper Elite 3 (HKLM-x32\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - )
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.11.201408051401 - Sony Mobile Communications AB)
Sony PC Companion 2.10.211 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1142 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.11.1 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
TmUnitedForever (HKLM-x32\...\TmUnitedForever_is1) (Version:  - Nadeo)
TubeMaster++ 2.7 (HKLM-x32\...\TubeMaster++) (Version: 2.7 - GgSofts)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Wargame Red Dragon (HKLM-x32\...\Wargame Red Dragon_is1) (Version:  - )
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
WTF (HKLM-x32\...\WTF_is1) (Version: WTF - onnet)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1172466162-1326600968-4123945386-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
08-10-2014 20:09:56 Removed Facebook Video Calling 3.1.0.521
08-10-2014 20:11:03 Removed Java 7 Update 45 (64-bit)
08-10-2014 20:12:31 Removed Google Talk Plugin
08-10-2014 20:13:14 Removed Google Earth.
08-10-2014 20:14:55 Removed Java 7 Update 51
08-10-2014 20:16:06 Removed Java™ 6 Update 31
08-10-2014 20:19:37 Removed Java™ 7 Update 4
08-10-2014 20:20:44 Removed JavaFX 2.1.1
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2011-12-04 04:39 - 2014-05-26 23:57 - 00000857 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 goldenteenet.itsgames.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {34C7244D-9E85-4DBC-89F3-4161BA15739E} - System32\Tasks\{99FFB9E3-0852-4CF7-AACA-A49C0DD556DB} => E:\Program Files\Enemy Front\Bin32\EnemyFront.exe
Task: {4A3C3984-573E-48C9-ADEE-12E951CF2F84} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {8E2C7671-7D08-43C2-A6C6-A615371EFCDF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {8E3AE834-2CF5-41E7-B392-6BADA4F38B31} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {931124A7-DB55-47D8-BC8D-FA16342984EA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000UA1cf4902335f4e80 => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04] (Google Inc.)
Task: {99D187F2-30A4-4428-B3D7-CEEE4AEF1176} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000UA => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04] (Google Inc.)
Task: {9E317D0B-91CE-4945-8619-79E1286A4AC1} - System32\Tasks\Origin => C:\Users\Steve\AppData\Roaming\Origin\update.vbe <==== ATTENTION
Task: {BF1FC308-663F-4AA4-BED6-01DE84EBA732} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000Core => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04] (Google Inc.)
Task: {DF266568-8F23-4EC6-9DE9-2438DC45452E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {E6C209BA-7EE3-4467-B32C-F5FD18610F74} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {E7C3099B-FA01-40E9-BCC0-690648284B76} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {EA1A4EB1-EA81-4BF1-B045-FD2CF1FD8535} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {EFCE7897-2D04-436F-890C-F83E361EAB68} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {F95A8D81-AA0A-4EF9-80F9-B4E607E9292C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000Core1cf49022f53b150 => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000Core.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000Core1cf49022f53b150.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000UA.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1172466162-1326600968-4123945386-1000UA1cf4902335f4e80.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-21 21:34 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-08-12 18:45 - 2010-08-12 18:45 - 00024064 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
2013-05-25 15:45 - 2013-11-30 12:28 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-12-07 18:07 - 2010-05-10 13:14 - 00186848 _____ () C:\Windows\SysWOW64\WinService.exe
2012-01-04 13:05 - 2010-06-23 12:41 - 00167936 _____ () C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
2009-07-05 07:35 - 2009-07-05 07:35 - 00028160 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\servicemanager.pyd
2009-07-05 07:35 - 2009-07-05 07:35 - 00110592 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pywintypes26.dll
2009-07-05 07:35 - 2009-07-05 07:35 - 00041472 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32service.pyd
2009-07-05 07:35 - 2009-07-05 07:35 - 00096256 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd
2009-10-26 10:27 - 2009-10-26 10:27 - 00153088 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd
2009-10-26 10:25 - 2009-10-26 10:25 - 00040448 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd
2009-10-26 10:25 - 2009-10-26 10:25 - 00645120 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd
2010-03-16 14:05 - 2010-03-16 14:05 - 00020480 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd
2009-10-26 10:27 - 2009-10-26 10:27 - 00311808 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd
2009-10-26 10:25 - 2009-10-26 10:25 - 00073728 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd
2009-10-26 10:27 - 2009-10-26 10:27 - 00011776 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\select.pyd
2010-05-05 14:44 - 2010-05-05 14:44 - 00010752 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd
2010-05-05 14:44 - 2010-05-05 14:44 - 00051200 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd
2010-05-05 14:44 - 2010-05-05 14:44 - 00039936 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd
2009-07-05 07:35 - 2009-07-05 07:35 - 00036352 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd
2010-05-05 14:43 - 2010-05-05 14:43 - 00008192 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd
2009-07-05 07:35 - 2009-07-05 07:35 - 00110592 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32security.pyd
2009-07-05 07:35 - 2009-07-05 07:35 - 00017920 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd
2009-07-06 05:16 - 2009-07-06 05:16 - 00111104 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32file.pyd
2009-07-05 07:35 - 2009-07-05 07:35 - 00024064 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32pipe.pyd
2014-09-24 22:27 - 2014-09-23 05:06 - 01098056 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-24 22:27 - 2014-09-23 05:06 - 00174408 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-24 22:27 - 2014-09-23 05:07 - 08577864 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 22:27 - 2014-09-23 05:07 - 00331592 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 22:27 - 2014-09-23 05:06 - 01660232 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:088B37DC
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\Users\Steve\Downloads\Fayed_PWCT_1.9_Art.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\80792581.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\80792581.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: 1a34a8e0 => 2
MSCONFIG\Services: CrossLoopService => 2
MSCONFIG\Services: DragonUpdater => 2
MSCONFIG\Services: FirebirdGuardianDefaultInstance => 2
MSCONFIG\Services: FirebirdServerDefaultInstance => 2
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: tbbLoaderService => 2
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\Services: vToolbarUpdater13.2.0 => 2
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: WMZuneComm => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: ZuneNetworkSvc => 3
MSCONFIG\Services: ZuneWlanCfgSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk => C:\Windows\pss\NETGEAR WG111v2 Smart Wizard.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNDA3200 Smart Wizard.lnk => C:\Windows\pss\NETGEAR WNDA3200 Smart Wizard.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN Client.lnk => C:\Windows\pss\OpenVPN Client.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2YourFace_Updater.lnk => C:\Windows\pss\2YourFace_Updater.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk => C:\Windows\pss\GamersFirst LIVE!.lnk.Startup
MSCONFIG\startupreg: AceStream => C:\Users\Steve\AppData\Roaming\ACEStream\engine\ace_engine.exe
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Steve\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: Bandwidth Monitor => C:\Program Files (x86)\Online Bandwidth Monitor\BandwidthMonitor.exe
MSCONFIG\startupreg: BigDogPath => C:\Windows\VM302Snap.exe Vimicro USB PC Camera (ZC0302)
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CrossLoop => "C:\Users\Steve\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server  -minimize
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Facebook Update => "C:\Users\Steve\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_3E7806DA78C4352052F851DEE3FA5D4E => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HF_G_Jul => "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe"  /DoAction
MSCONFIG\startupreg: HOSTS Anti-Adware_PUPs => C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
MSCONFIG\startupreg: Huofma => "C:\Users\Steve\AppData\Roaming\Ikteyzqe\emkiku.exe"
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: InstallerLauncher => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft Device Center\ipoint.exe"
MSCONFIG\startupreg: IntelliType Pro => "C:\Program Files\Microsoft Device Center\itype.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: KMCONFIG => C:\Program Files (x86)\Mouse Driver\StartAutorun.exe KMConfig.exe
MSCONFIG\startupreg: LogMeIn GUI => "D:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MediaGet2 => C:\Users\Steve\AppData\Local\MediaGet2\mediaget.exe --minimized
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: MySQL Notifier => E:\Program Files\MySQL Notifier 1.1.5\MySqlNotifier.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: RamBooster => C:\Program Files (x86)\RamBooster 2.0\Rambooster.exe
MSCONFIG\startupreg: RAMDef => C:\Program Files (x86)\RAM Def\ramdef.exe -tray
MSCONFIG\startupreg: ROC_ROC_JULY_P1 => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "D:\Program Files (x86)\ATI Drivers\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "D:\Program Files\Dead Island\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: Wallpaper Changer => C:\Program Files (x86)\Wallpaper Changer\Wallpaper Changer.exe /minimized
MSCONFIG\startupreg: WmiPrv => C:\Users\Steve\AppData\Roaming\.ACEStream\WmiPrv\WmiPrvSE.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: WSHelperSetup.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1172466162-1326600968-4123945386-500 - Administrator - Disabled)
Guest (S-1-5-21-1172466162-1326600968-4123945386-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1172466162-1326600968-4123945386-1002 - Limited - Enabled)
Steve (S-1-5-21-1172466162-1326600968-4123945386-1000 - Administrator - Enabled) => C:\Users\Steve
 
==================== Faulty Device Manager Devices =============
 
Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: AODDriver4.1
Description: AODDriver4.1
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.1
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/15/2014 06:26:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/15/2014 06:26:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/15/2014 01:19:45 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (10/13/2014 07:41:04 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108
 
Error: (10/12/2014 05:25:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108
 
Error: (10/11/2014 01:09:37 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (10/10/2014 03:35:53 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108
 
Error: (10/08/2014 06:38:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/08/2014 04:43:40 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/08/2014 01:41:43 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (10/15/2014 06:32:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PDIHWCTL service failed to start due to the following error: 
%%2
 
Error: (10/15/2014 06:32:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
Error: (10/15/2014 06:32:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HOSTS Anti-PUPs service failed to start due to the following error: 
%%2
 
Error: (10/15/2014 06:32:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Aspi32 service failed to start due to the following error: 
%%1275
 
Error: (10/15/2014 06:32:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\aspi32.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (10/15/2014 06:32:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2 service failed to start due to the following error: 
%%3
 
Error: (10/15/2014 06:32:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.1 service failed to start due to the following error: 
%%3
 
Error: (10/14/2014 02:29:19 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
 
Error: (10/13/2014 10:32:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PDIHWCTL service failed to start due to the following error: 
%%2
 
Error: (10/13/2014 10:32:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
 
Microsoft Office Sessions:
=========================
Error: (10/15/2014 06:26:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Steve\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (10/15/2014 06:26:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Steve\Downloads\esetsmartinstaller_enu.exe
 
Error: (10/15/2014 01:19:45 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (10/13/2014 07:41:04 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108
 
Error: (10/12/2014 05:25:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108
 
Error: (10/11/2014 01:09:37 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (10/10/2014 03:35:53 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108
 
Error: (10/08/2014 06:38:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (10/08/2014 04:43:40 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (10/08/2014 01:41:43 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Steve\Downloads\esetsmartinstaller_enu (1).exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-27 14:24:10.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:24:07.491
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:24:04.526
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:24:01.385
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:19:32.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:19:28.535
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:19:25.242
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:19:21.817
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:19:18.516
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-27 14:19:15.264
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ 9500 Quad-Core Processor
Percentage of memory in use: 48%
Total physical RAM: 3070.49 MB
Available physical RAM: 1573.72 MB
Total Pagefile: 6139.17 MB
Available Pagefile: 4409.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Vista) (Fixed) (Total:70.82 GB) (Free:7.59 GB) NTFS
Drive d: (HP) (Fixed) (Total:244.14 GB) (Free:97.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:140.52 GB) (Free:52.84 GB) NTFS
Drive f: (FACTORY_IMAGE) (Fixed) (Total:10.27 GB) (Free:1.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=211.3 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:32 AM

Posted 17 October 2014 - 01:26 PM

Sorry for this delay. I had technical problems.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKLM\...\Policies\Explorer: [3212083974] 0x504B0304C239B7F8068374BFB511000000400000E269F63D73594F6202C9694280CC96A28BBD63516FE3C2D5F7A2FF87AC3A990C3EC3B2ED7B07716237A0DFB1DFB651F67E31CB2E7649F98D5E55E9B25B1A579794989B176C357BDCC11226BD6ECB7DE8A63EA2165F6B31EAD6B0A2A96A6E9D04B9B39F194EF52D48B088D4B6597F685A70FF6912914F86D8235681747DA26CFD83223D3D248872C51095484634EBF976E4595F734BD35CAF42B38DCF9E878AF0BE0A5E84B22940F721E8BBCDCBAA3E53607359252DB16C0D6C38A142261BB4896D12A48C006CC3C21FDF717C155B2AF0375D2545EE286C2AECB2955206EF25C82DC686F7EB83BB3072E94E1E59254B11A2E3628E1D98E177375B54E682A1C77F986E1907FFCB784ACCACB124189751D7EBBAFC91D3A127F134A85E27F8C201D9082F621F5FFFAC09D2AAB94A62F90BD74D6C96A8DB6D42E4E98316449D202A4E24857673E2A50B7DFD9D5AF72A21A19A922ACC9675BA933A1C6AD4E0A11470FBB82EED7A79C5CA2DBB0BEC5B2B43BAA37373D3EF494726D7CF4A4AA8A3D6A5C206CED49148C0100BFA96B707BE91B855151D8DA8E0723DD1303325011B3951C9DF7B10E9B153BCED98376C4D7517F2E0E23A986914B2B0F978454441C47B5797D924CE9CD186D74D308099EE52F226E92DE6B50E4A0691F75CFA9CE733494B8CAFAEB4BE4C65F6C9DFFA34A3C2ED9D14F5844164BE79B7A90495290350177B03AEFA777FF519B624E3C75C219260AC447BBA9A6DB56F34B340A5F75837FAB3C33831A3BC39C2914AEB87A39545BD7ED52450EB7E94D5380E2BABCE3F8EE6E3CDC9D4ED54D9889D9DBD0DC879CAA2B121048A308A7F873252DAD24EA8F8911EA0A3B202DE930A9FC882CF1349FFE229016B2EBFD7821B8986D31DECCBC296BA54FD6D864C915F1D77AC0734D96FE0BA43A669FAB128026C7F90E9E1E0A7047F5A2378E4DE0966EB6C217B3483194B2B21A3FA8A1CBEF1D66A3FC8A5C863BCEA6157981A11449BAE3357F3287501CB9C24E0AFB156F5DDFD6855CD8B7B43FEABD9412C1C208B5DE2330C469A59DE5B490CC06BFD5A4900CB121EB967BC7185A9F00112A5B1E8D8028CA02B0F2B194AF03CC1E172B70C9B88643E3C064B5406CF184AD9EBA26736EF6FEB30DAC8BA400933A32A3C03230BD732FCBE16C4B3BDCC0B501616CE956D968B8DA68B4A9A64238601E81E78095961580431361A4DD9FE963D3CEBA5C21BBA416C1CC9D94BB842C25B2FD12C8BF42C35948272965A3FECF6E9B92D32D7E84A402A0B6214A412A23427E4852CE607FD9F7FF8559BBB96A9AE577DF0C19D108587D372470BE0D3E27ED61FEB442C2D65E55BAC81C2786CF6B837EEBC1B5AF35634B29FD5D96347B5F9C747C8A9A83E7CB3C188D9042F08FBD4EDEEBD65DE7C04B275B7FD74067A0AE3033752AA55A45A05355811416EA4A5101511E99305B700BD44742CBD6A9272B5CF4001505C4057866B57E4DE5EF0EE9F88B41986A80119C962594972011FC0C39B4A74B74747F5116D896A0EBCBB4387685672899AF54B80AE07008971EA1C997A898E33AAB769E4E52FBBEC97EBF199CE76454BADBD4EAB272F1D1CAABB3B49B3AAFC1E67D09EE8FEB0580E414EB45F3F0C25FE88872312FEC2341E7A6100B2E04ED25FCE13A146098DCE98446B2F3875ECB269A886795698619D337DA612F19BF8D4FE3028E79A26548128D1595AF0BF98FF320DC73D873F05EBD07C87CAE28DF067C00DE3E53CC77E801E1304192CA7BF78AB28DB40564328A108F9F0DDD8E1B0BAECCF16BF1DEB3CC5C4B5F5140F6B8A256E9128C203418AA3D93E3F08078977667DC02D830BB6869DE92F29A65AC6D2689D0A5A90887A8643119DC9A68B5B00BD59D45DA9D7ED5DAE6EE6DA6119243F77F51B263200F90ABBB61CCE9A951781EA2012A2C8D7200906439B08E7E76CF9C9536B2E6B560AFD7CBAA5044791EE17DED45ADFD9D359DAC0A9F4ED15BF2CB2EA9B12B7CB11B597CF2E6E750A6C636FE2C4B144F6FF43CCFFDDAE787BE160B0A8B4282B35A6AEECE165814E95CE7ADBE416EF4E51860CB4F5D50AF2A86AA4EE602A30AA54850E0CB4A38DC3A1C711B5D03B6A53EE102AC68E553D11E5FB3D0A8E0EF34266263CA4A3E0B76C55A92F75F921CD61A5363E5DB7737874D57C653D63457260B67B1DF330827B2921C29FDA0045BBE7404E40985039F7DB153F52B2C941A56E922DCFB60B89DBEE327ED6F5C1E438270F766A6ED1730FC581A4AEBCFE3B7726B27D6B092CF5A0B6954196CB4CC2788B8722338EE189D9E22692595F0D5B333B0F715CB8D94A08AFB631DBB1BE79A773E8F1A4EAF7220C24222DDA431B91D9175DFA0C6AE81E8C4C879D64446CF56FAEFE1487CA6739A776AEE42EF8BE40A612F95CDE3B1FEEAC1E1E41A24C92ED8B0152E247239E5A8BC903679CA8C7B94659AD5B1D10551F460D924FB60882FC90508C3723420F86F4CF100387E808133CC429883C0E3ACE91651C075CD19D106E0B437B0363048CA1FEAAF929B87AED90AFDE281EDCA0FA0CC7B5A7F03807FA5AC41B1ED73130EAC1117C631C1818142F24D420F6776CB53D4D0326B9FC3008C3CA03FC649D87D37FA617B74F2865C75298BED54B7D8DC676E2210374D8BF194AE2FEDA62B4798933C764CCDDF845330721FC21E68C0695CA73285103E22AE68DA440326DFEF9A80D17D0A7C3F920E7B0AA806EE9B7549ED9878B6CFB505AC69E8E8D3CFA718675764CFB03861D32AFAAE1D918BE87F6A9AC0D815C57AD3E167D642F5FCDDC25D4BA3AC3E67C26A4DEAA17797B3C0654F271EAAA442A71CBE19372ADCBDE3DF8B3FE491E5A76A79D1291A0DE317FFBF927F42782FA48270F2C969563B183A4B0112F3497DD3C2A423EC83498BDBAAC928910A9FB7FE5788E454C027A28F4A91AF2BF09E261F85B0EEE4F7929E63C4062496CB09534BB6D03FF69ED2915D0EA215B4FB3D1044E86EB87DFB4898BCBD50E5C4DDFBDB83B9410E1ADF91446C43C959E0E341D67A5A7EF8712586DE3B8B9C5B6F80F42F235BF68900EBFE6304BB0D9F67408B76201EC26180B4BD76500DE4F0DF86DF4A063AECECCA69DDF8A162B67A4B9800FA7570D5B551AC2703ADC0FFCED00650A96CD81EC4187B90C6B2140CE99C1937C40587EA72899897E628115BCAB73B3D9F425860B109A67347B8A121F65D0968D56A3DDE6B8171CEA61B08AE568B9D03C398977CE86F75055230EF370CABF67C9CF97C3223719555403F3E0BD2AF0E1E8742DECB05FADB0227F15D40EE2D6DC5A49FE1E6BC9E6CEDDE74294C3BB6FD5C5FEDFAD672DF1DFFD219BD8BC1EC39158EAB507998755F553441D01CD26A5501F6FB2DB4F3597510F85B93A542514C8013EEDBBFC913DCCE8B20A5759665BDFD9919EB22A89163D8656386D857C5BFC7C241C1D726CD94AB0F92D5B0FEFCF1D4ABDD26FBC6C17A4CCACF2D31E5E713059DE93C59D3B8D3E8D03B5D663F9DFADB03E093CB84FCF500A1F0E2E5BA1C9D81DB12CC799C6539AF0CC35682D95CB789C745A452BD8B38E6CF08E0579DA1AB43AD0858D0305F961B15A79C1090F4867040EA2BD36CF6512AAB44CE5A1098EFE039134F23BF057777FEF3E68E45827B0487924CAD4E5F0B1C3B4F5A0E3853B39640EB0782D78888FE92C3B68624E84FF6A5EDED87BE62D34CE858F34E5FFFBBA75F014DF0F648988B51A72DE1FF54D5C7A4B8ECB10C5E9EF51DE98C01EF8C406F9824A0C15A29E16B5A53E3643B0065A4263ECAE50D2CB976D3D2EA6255A65F1C6CC86167F1784A27B832037DB4CE1E262475334F3B2430F86C7A24456EEA82AB678ABA91BB4C0CC82C877B80B6D3574007257272C3E126C17A8B36AA8AA9431FF01BF658F82D8153EDDEA6804CDC564A3F5E9967B08FEEB823D3DB9356A4ACDD80E883CA58A1C661D01D145F80A3AB67E8036C0BAE1BB7BC43204EB0CF38214BC74A9AEF036A31D5A9C552D93A25C0E84057BCE5437B1634680D04A77472D631432D2BAA7A3ACD64220EFCF9E7848F8FD9801BEF7561A470A1822032160EB59EDC0F977882DCE4FB2872D89D27FF076DBA74A9672F86909956579C28853FA8DE7002CC8458D09256D42A39F1A4BDB6B56D36D51488E7368686E54C1BBBFFF48884E0D536BE362E59BD7F18329A4B82AED396E4F92865F594D0DA38F7CACE7A4603AF60C1A53BDFD19476094AAC6E4A8F31FC1257D48D03BB0EF515D8460B9441532C8B5043D0531D5881ADB6D997BB184FD8CAF4D8E6C759C3F7143B9E32BC7A0EC6234B68ADF4111CA1D136721438E5E6D7125D480CE982D84AEA7703B4010CD27867D6DDC5E0C970385196F020E48EDDB24C56972F9E61E6CC29C1712551583828F899534AACFFFC66F99999EA2BA2731D52A7FD2FA262A22B075DA52A5AA58F5B41AA9CDC9181406717F3F75E7C475090121966838125236E4DC6291AE3874968E8208B983AADB03CA60ACD935E6DA1B829407F70A77340E4439F22FDC2FC4218DE0F25D2F886C0AAEB693C2B23DB0EAB9953BF806C2173E0BC9D0D7EF0E763775BC1432FF48D6035B1214294C81B71CD98C42831014090CD99CB74929AE853F88132E559104D4FEA98AD40F17DA4100A909A6981BAD9EFB240A79520927AA12232A56F4D8893BFF92BFC2BD42CF3DC09BDC484DFDBA3A10C609186104CE33E3024F44000BE34814FF5DC9872D44B4157FB3A6655B985F6CC5EF4586F2ABFEE12DCBDB90181B396F95FE3213F094D1F3DD3D7FED800F4ED21290F613B62048E0FC1F1328D9F87A5653B489D36F727BE9D755523DEF0472F1C1D5AC90EE665379FF39D06E863C244890F5333A0B89B92022C1A8198029FE5F8C203B3DD211D4398958EE190108DD50B7850E20D8ABE2B927D53D28F3B8CA26BE81BC6B83C0E2B3B1DDA28066C63860CEA89DF82708EF21D4D36B84663E87B4385A3E37BD3FF1EB2BF64184C44723490669AF4DA092D45BA21A569A352E513D9A9B43E9CD4B812055822626EFC55F950009232B8B3BB2D63D44A8B0BD9BD4E84C5A724496A2326F63C97DBCB235366EC0CF6096B5F4988D073C34BD3A084130CEA8D6EE22E542B411C1E18599667B3FD6DDE0669AD82C85A1C10CA5862213CB1BB277E6C4F6564F20A9BCEA1B48170504C47235D78ED0A0441987C8C17D90D7B56CF487C46733BA4A6848FEC42B97CE4048F3C6D9C493322F052EF93F02F142B3940A10921BD15C911E7A97AA4A20DC383C62CD288D252BA937B3F60761E6653568A01241BB573664DE04811CF3F59B4C2D7E8A6C55DA16F468383456AA751697697397C2A5E5ABFA0F1099D80447D49DA509AA1347F3943EE9BAA1FDAD2A0E69410B34253AD4991282D0E952260F52AB9F02A3D00B37098CF60354424F862066E45E92AC475C99A00E7380766E589ABF66271619142795CF7A7FBD138A6CC5BD7E135122341D1F06EB5B436C59BE0ADEDC71BC03D7C63C16751AD56C69E36DECFE9E8214C719FCDF2E9FE2DC971F03C1C2AD6B6D368FE8B11D0389650C73D1C7E73708145FA05992A150E6A909656EA786E244BDF1CD71F4B0FD05B1335D703182FFA9D96C99108297B1FE327A83BF4F69D2A9C3D1EB73A9DD8CEE2B3220904AC31011FD6407A5BA427FACB46227FDEDB13D1CA6443DED3DC3B6CF06A59DC9B9226FBF357334ABF58412605FD206E7B6125FA19E5D68F75783FA08205B05C0A12D1830068317F6105958C4EB37BCB1BEAE6A401C267641AA58274A410D76B4D2A03E418020869B6886BB81964761B3FCD8EA68050AD6CFF99649CDE8FA53F04B0C96E271C0B092E24D81EA2D723775799E713EA9DA6967EF57AAAFE1C6732F2F047556027F021C65FC20C1C3BCB392ACF8FF7A9E14D9728A5AAACD255FC3866B041E9C96DCF592083D78C9E405DDD7991D2E2536D2EB1BA0F0ECE3DFB6A34C2665CFAC2D1850FD478F617FDD4E9DD4492C553BD375CFD33F4744D642006F3A5216A1FF7D73643ED751CAECDFDCB56247AA2F66FBCB8315DAAA86006A99E0350A72D5D5260D6BB77AC53CDD7ABACB859586C279B7FACDF076C922AC27F3E907FB3B4EC977CA634A28DF064162165222DCCE674DAB60A4E9D48E7FCEA267ABB1F8E0A2012AA6DB532A4CE74FBAF583E2C292FA1B56BE585D14EE073CDAFE3FC0C19050E698EC41B9D27F5DB41A779208118A5D3F8F74333B2AD2FE3CEE273BBFEA485EAD817EFFEDF1260C1A125070589B6F0F31984ED498CBD273E84A718F54C82CBC2747E678F8437DDE23C9EA3C877823034B7C70731C2D01CC09D11D3364E7945B6480B9B416ACB54CD1194B46C6D2E147619AC1C1FA915AF80A5098647247EBCF0449634F69C96AFC740BCE61993228183D98D0F85406D8FFD934
ShellIconOverlayIdentifiers: [1CryptoProviderIcons] -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} => C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll No File
ProxyServer: http=127.0.0.1:13813;https=127.0.0.1:13813
BHO-x32: Easy DJ Software Support -> {2AE7471D-5150-48CF-8498-4CB9E8FAEA90} -> C:\Program Files (x86)\Product Support\1.0.0.0\Product Support.dll (Download Manager)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Extension: ShoppingChip - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\gxf_dtwq@kvxhptrtc.co.uk [2013-12-14]
FF Extension: SNT - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\yuaeat0g-z@oy-eoyjaao.co.uk [2014-03-16]
FF Extension: z - C:\Program Files (x86)\Mozilla Firefox\extensions\{e0840974-73d4-c17d-37a7-b69bcfd8d2f5} [2014-09-25]
CHR HKCU\...\Chrome\Extension: [oeflloaldpdfnbhbafhgdnjmcfbeekbe] - C:\Users\Steve\AppData\Local\CRE\oeflloaldpdfnbhbafhgdnjmcfbeekbe.crx [2014-01-28]
CHR HKLM-x32\...\Chrome\Extension: [oeflloaldpdfnbhbafhgdnjmcfbeekbe] - C:\Users\Steve\AppData\Local\CRE\oeflloaldpdfnbhbafhgdnjmcfbeekbe.crx [2013-02-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [X]
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [X]
S4 LMIRfsClientNP; No ImagePath
S2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 ATICDSDr; \??\C:\Users\Steve\AppData\Local\Temp\ATICDSDr.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 LMIInfo; \??\D:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S2 PDIHWCTL; \??\C:\Windows\system32\drivers\pdihwctl.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:088B37DC
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\Users\Steve\Downloads\Fayed_PWCT_1.9_Art.exe:BDU

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please let me know what problem persists.

#5 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:09:32 AM

Posted 18 October 2014 - 07:27 AM

 
CHR HKLM-x32\...\Chrome\Extension: [oeflloaldpdfnbhbafhgdnjmcfbeekbe] - C:\Users\Steve\AppData\Local\CRE\oeflloaldpdfnbhbafhgdnjmcfbeekbe.crx [2013-02-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [X]
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [X]
S4 LMIRfsClientNP; No ImagePath
S2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 ATICDSDr; \??\C:\Users\Steve\AppData\Local\Temp\ATICDSDr.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 LMIInfo; \??\D:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S2 PDIHWCTL; \??\C:\Windows\system32\drivers\pdihwctl.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:088B37DC
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\Users\Steve\Downloads\Fayed_PWCT_1.9_Art.exe:BDU
 
End
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\3212083974 => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1CryptoProviderIcons" => Key deleted successfully.
"HKCR\CLSID\{24808826-C2BF-4269-B3BA-89D1D5F431A4}" => Key deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AE7471D-5150-48CF-8498-4CB9E8FAEA90}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{2AE7471D-5150-48CF-8498-4CB9E8FAEA90}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Handler\linkscanner" => Key not found.
"HKCR\Wow6432Node\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@ogplanet.com/npOGPPlugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\gxf_dtwq@kvxhptrtc.co.uk => Moved successfully.
C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\yuaeat0g-z@oy-eoyjaao.co.uk => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{e0840974-73d4-c17d-37a7-b69bcfd8d2f5} => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\oeflloaldpdfnbhbafhgdnjmcfbeekbe" => Key deleted successfully.
"C:\Users\Steve\AppData\Local\CRE\oeflloaldpdfnbhbafhgdnjmcfbeekbe.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oeflloaldpdfnbhbafhgdnjmcfbeekbe" => Key deleted successfully.
"C:\Users\Steve\AppData\Local\CRE\oeflloaldpdfnbhbafhgdnjmcfbeekbe.crx" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
AMD FUEL Service => Service deleted successfully.
HOSTS Anti-PUPs => Service deleted successfully.
LMIRfsClientNP => Service deleted successfully.
AODDriver4.1 => Service deleted successfully.
AODDriver4.2 => Service deleted successfully.
ATICDSDr => Service deleted successfully.
dgderdrv => Service deleted successfully.
EagleX64 => Service deleted successfully.
LMIInfo => Service deleted successfully.
PDIHWCTL => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
X6va011 => Service deleted successfully.
X6va016 => Service deleted successfully.
xhunter1 => Service deleted successfully.
C:\ProgramData\TEMP => ":088B37DC" ADS removed successfully.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
C:\Users\Steve\Downloads\Fayed_PWCT_1.9_Art.exe => ":BDU" ADS removed successfully.
 
==== End of Fixlog ====
 
As far as I know it's still here,,will post back in an hour or so to say whether it's fixed or not..


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:32 AM

Posted 18 October 2014 - 09:04 AM

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#7 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:09:32 AM

Posted 18 October 2014 - 09:44 AM

Yeah the problem with the sound is still here,,I thought it had gone as it didnt happen for a long while after the last fix,But unfortunately it is back again.

I am just doing the above security check now so will post the results asap.



#8 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:09:32 AM

Posted 18 October 2014 - 09:49 AM

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
AVG Internet Security 2014   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
  Adobe Flash Player 13.0.0.214 Flash Player out of Date!  
 Mozilla Firefox 32.0.3 Firefox out of Date!  
 Google Chrome 37.0.2062.124  
 Google Chrome 38.0.2125.104  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 
 
This says that flash is out of date but i know that it isn't,,and firefox may be but i hardly use it,,only for a certain site i use that works better with that,
I hope we can get to the bottom of this annoying problem.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:32 AM

Posted 18 October 2014 - 12:54 PM

Is it the StartUpSound?
It's disable.
mPolicies-System: DisableStartupSound = dword:1


Please run the Farbar Recovery Scan Tool. Enter DisableStartupSound in the Search Box.
click the Search Registry button, post the content of the Search.txt file in your next reply.

I will give you a fix.
===

AVG Internet Security 2014
Antivirus out of date!

Take care of this, it's important.

===

#10 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:09:32 AM

Posted 18 October 2014 - 04:23 PM

No,,it isn''t the startup sound,,,it the sound that is assigned to the Close Program/Window action, I haven't changed anything for it to start happening and it happens at all different random times and even when there are no windows open.

I have also noticed recently that the system seems to use a lot more resources than it should for seemingly simple tasks which it never used to use a lot for,,,these include simple web pages and especialkly anything that uses flash,,,my computer really shouldn't struggle with things like this and it never has before so i know something is wrong somewhere, I just hope you guys can help me get to the bottom of it.



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:32 AM

Posted 24 October 2014 - 08:38 AM

Sorry for this delay.

I had a hardware problem.

Are you still with me?

#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:32 AM

Posted 30 October 2014 - 09:28 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users