Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

getting unwanted extra tabs that are not in the tabs list on startup


  • This topic is locked This topic is locked
48 replies to this topic

#1 xXEdgeXx10

xXEdgeXx10

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 16 October 2014 - 08:10 PM

i am getting tabs such as 

http://--load-component-extension%3Dc/Program%20Files/Google/Chrome/Application/Extensions/chrome/man

when i start up chrome  that only started after i managed to get rid of some extension coupon malware(i thought)

it brings up 4 blank tabs with names like that and they do nothing as far as i know, how can i fix these.



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:33 PM

Posted 17 October 2014 - 08:16 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 xXEdgeXx10

xXEdgeXx10
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 20 October 2014 - 12:40 AM

im sorry it took a while to get back to you i was on call for the weekend and it was non stop. will get to fixing it now



#4 xXEdgeXx10

xXEdgeXx10
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 20 October 2014 - 12:47 AM

Here is the FRST logs
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2014
Ran by Jason (administrator) on JASON-PC on 19-10-2014 22:42:47
Running from C:\Users\Jason\Downloads
Loaded Profiles: UpdatusUser & Jason (Available profiles: UpdatusUser & Jason)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Curse) C:\Users\Jason\AppData\Local\Apps\2.0\XVLA9Y8O.B4A\YMXBL2HO.L9J\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareTactXMacroController.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
() C:\Program Files (x86)\AlienRespawn\Components\Shell\DBRCrawler.exe
(Curse, Inc) C:\Users\Jason\AppData\Roaming\Curse Client\Bin\Curse.exe
(Microsoft Corporation) C:\WINDOWS\System32\StikyNot.exe
(Alienware, Inc.) C:\Program Files (x86)\Alienware Customer Surveys\AlienSurvey.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3011312 2013-04-08] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-04-10] (Intel Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13840 2013-11-04] (Alienware)
HKLM-x32\...\Run: [Alienware Survey] => c:\Program Files (x86)\Alienware Customer Surveys\AlienSurvey.exe [7396920 2013-04-23] (Alienware, Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [4593968 2013-11-15] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2136795737-589673086-1470654499-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2136795737-589673086-1470654499-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2136795737-589673086-1470654499-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2136795737-589673086-1470654499-1001\...\MountPoints2: E - E:\VerizonWirelessUpgradeAssistantSetup.exe -a
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-23] (NVIDIA Corporation)
AppInit_DLLs:  C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL => C:\ProgramData\Performance Optimizer\PerformanceOptimizer_x64.dll [4303360 2014-09-21] ()
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Jason\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.alienwarearena.com/welcome-us
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.alienwarearena.com/welcome-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
SearchScopes: HKLM - DefaultScope {61C8805D-AF83-4B84-BADB-BADFF31F596C} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {61C8805D-AF83-4B84-BADB-BADFF31F596C} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 - DefaultScope {61C8805D-AF83-4B84-BADB-BADFF31F596C} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {61C8805D-AF83-4B84-BADB-BADFF31F596C} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKCU - {61C8805D-AF83-4B84-BADB-BADFF31F596C} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-10] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-19] (Realtek Semiconductor)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-08-29] (Microsoft Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-04-01] (Broadcom Corporation.)
S3 ghsdiagMDM; C:\Windows\System32\DRIVERS\ghsdiagMDM.sys [122496 2011-11-28] (HS Incorporated)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-04-05] (Intel Corporation)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [165824 2012-12-12] (Qualcomm Atheros, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-10-23] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-05-18] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [34984 2014-05-18] (Razer Inc)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32496 2013-04-08] (Synaptics Incorporated)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-19 22:42 - 2014-10-19 22:43 - 00020951 _____ () C:\Users\Jason\Downloads\FRST.txt
2014-10-19 22:42 - 2014-10-19 22:42 - 00000000 ____D () C:\FRST
2014-10-19 22:40 - 2014-10-19 22:41 - 02112512 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe
2014-10-17 02:39 - 2014-10-17 02:39 - 00000950 _____ () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2014-10-17 02:39 - 2014-10-17 02:39 - 00000942 _____ () C:\Users\Jason\Desktop\osu!.lnk
2014-10-17 02:38 - 2014-10-17 10:47 - 00000000 ____D () C:\Users\Jason\AppData\Local\osu!
2014-10-17 00:46 - 2014-10-17 00:46 - 03132488 _____ (ppy) C:\Users\Jason\Downloads\osu!install.exe
2014-10-14 19:25 - 2014-10-09 19:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-14 19:25 - 2014-10-09 19:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-14 19:25 - 2014-10-09 19:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-14 19:25 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 19:25 - 2014-08-18 20:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 19:25 - 2014-08-18 20:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 19:25 - 2014-08-18 20:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 19:25 - 2014-08-18 20:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 19:25 - 2014-08-18 20:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-14 19:25 - 2014-08-18 20:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-14 19:25 - 2014-08-18 20:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 19:25 - 2014-08-18 20:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 19:25 - 2014-08-18 20:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 19:25 - 2014-08-18 20:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 19:25 - 2014-08-18 19:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 19:25 - 2014-08-18 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-14 19:25 - 2014-08-18 19:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 19:25 - 2014-07-06 19:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 19:25 - 2014-07-06 19:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 19:25 - 2014-07-06 19:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 19:25 - 2014-07-06 19:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 19:25 - 2014-07-06 19:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 19:25 - 2014-07-06 19:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 19:25 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 19:25 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 19:25 - 2014-07-06 19:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 19:25 - 2014-07-06 19:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 19:25 - 2014-07-06 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 19:25 - 2014-07-06 18:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 19:25 - 2014-07-06 18:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 19:25 - 2014-07-06 18:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 19:25 - 2014-07-06 18:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 19:25 - 2014-07-06 18:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 19:25 - 2014-07-06 18:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 19:25 - 2014-07-06 18:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 19:25 - 2014-07-06 18:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 19:25 - 2014-07-06 18:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 19:25 - 2014-07-06 18:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 19:25 - 2014-07-06 18:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 19:25 - 2014-07-06 18:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 19:25 - 2014-07-06 18:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 19:25 - 2014-07-06 18:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 19:25 - 2014-07-06 18:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 19:25 - 2014-07-06 18:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 19:25 - 2014-07-06 18:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 19:25 - 2014-07-06 18:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 19:25 - 2014-07-06 18:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 19:25 - 2014-07-06 18:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 19:25 - 2014-07-06 18:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 19:25 - 2014-07-06 18:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 19:25 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 19:25 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 19:25 - 2014-07-06 18:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 19:25 - 2014-07-06 18:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 19:25 - 2014-07-06 18:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 19:25 - 2014-07-06 18:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 19:25 - 2014-07-06 18:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 19:25 - 2014-07-06 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 19:25 - 2014-06-27 17:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 19:25 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 19:25 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 19:25 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 19:25 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 19:25 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 19:25 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 19:25 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 19:25 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 19:24 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 19:24 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 19:24 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 19:24 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 19:24 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 19:24 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 19:24 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 19:24 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 19:24 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 19:24 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 19:24 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 19:24 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 19:24 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 19:24 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 19:24 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 19:24 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 19:24 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 19:24 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 19:24 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 19:24 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 19:24 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 19:24 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 19:24 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 19:24 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 19:24 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 19:24 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 19:24 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 19:24 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 19:24 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 19:24 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 19:24 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 19:24 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 19:24 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 19:24 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-14 19:24 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 19:24 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 19:24 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 19:24 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 19:24 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 19:24 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 19:24 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 19:24 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-14 19:24 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-14 19:24 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 19:24 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 19:24 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 19:24 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 19:24 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 19:24 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 19:24 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 19:24 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-14 19:24 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 19:24 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 19:24 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 19:24 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 19:24 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 19:24 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 19:24 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 19:24 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 19:24 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 19:24 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 19:24 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 19:24 - 2014-07-16 19:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 19:24 - 2014-07-16 19:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-14 19:24 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 19:24 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 19:24 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 19:24 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 19:24 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 19:24 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 19:24 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 19:24 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 19:24 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-14 19:24 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-14 19:24 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 19:24 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 19:24 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 19:24 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-13 03:40 - 2014-10-13 03:40 - 00000739 _____ () C:\Users\Jason\Desktop\ATLauncher - Shortcut.lnk
2014-10-12 05:01 - 2014-10-13 03:40 - 00000072 _____ () C:\Users\Jason\.atl.properties
2014-10-12 05:00 - 2014-10-12 05:12 - 00000000 ____D () C:\Users\Jason\Downloads\Temp
2014-10-12 05:00 - 2014-10-12 05:03 - 00000000 ____D () C:\Users\Jason\Downloads\Instances
2014-10-12 05:00 - 2014-10-12 05:02 - 00000000 ____D () C:\Users\Jason\Downloads\Configs
2014-10-12 05:00 - 2014-10-12 05:00 - 00000000 ____D () C:\Users\Jason\Downloads\Servers
2014-10-12 05:00 - 2014-10-12 05:00 - 00000000 ____D () C:\Users\Jason\Downloads\Backups
2014-10-12 03:53 - 2014-10-12 03:53 - 01099171 _____ () C:\Users\Jason\Downloads\ATLauncher.exe
2014-10-11 01:12 - 2014-10-14 23:06 - 01200128 _____ () C:\Users\Jason\Desktop\New roster document.abcr
2014-10-11 00:10 - 2014-10-11 00:10 - 00000105 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-10-11 00:10 - 2014-10-11 00:10 - 00000000 ____D () C:\Users\Jason\Documents\ABC Roster Recovery
2014-10-11 00:07 - 2014-10-11 00:07 - 00000000 ____D () C:\Users\Jason\Documents\ABC Roster Samples
2014-10-11 00:07 - 2014-10-11 00:07 - 00000000 ____D () C:\Users\Jason\AppData\Local\ABC_Roster
2014-10-11 00:07 - 2014-10-11 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABC Roster
2014-10-11 00:07 - 2014-10-11 00:07 - 00000000 ____D () C:\Program Files (x86)\ABC Roster
2014-10-11 00:06 - 2014-10-11 00:06 - 07421694 _____ ( ) C:\Users\Jason\Downloads\abcroster-1.9.3-setup.exe
2014-10-11 00:02 - 2014-10-11 00:02 - 00012808 _____ () C:\Users\Jason\Downloads\TP006256176.cab
2014-10-10 22:58 - 2014-10-10 22:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-10 22:58 - 2014-10-10 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-09 16:19 - 2014-10-09 16:24 - 00000000 ____D () C:\Users\Jason\Desktop\10-09-2014
2014-10-08 15:11 - 2014-10-08 15:11 - 00084346 _____ () C:\Users\Jason\Downloads\Your Insurance Documents for policy ending with 3728, Policy Dates 10092014 - 04092015.zip
2014-10-06 17:09 - 2014-10-06 17:09 - 00000000 ____D () C:\ProgramData\Avg_Update_0914avt
2014-10-06 04:17 - 2014-10-06 04:17 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\AVG2015
2014-10-06 04:16 - 2014-10-06 04:17 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-06 04:16 - 2014-10-06 04:16 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-06 04:16 - 2014-10-06 04:16 - 00000000 ___HD () C:\$AVG
2014-10-06 04:16 - 2014-10-06 04:16 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\TuneUp Software
2014-10-06 04:16 - 2014-10-06 04:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-06 04:16 - 2014-10-06 04:16 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-06 04:08 - 2014-10-19 22:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-06 04:08 - 2014-10-06 18:28 - 00000000 ____D () C:\Users\Jason\AppData\Local\Avg2015
2014-10-06 04:08 - 2014-10-06 04:08 - 04578024 _____ (AVG Technologies) C:\Users\Jason\Downloads\avg_avct_stb_all_2015_5315_welcomecmp.exe
2014-10-06 04:08 - 2014-10-06 04:08 - 00000000 ____D () C:\Users\Jason\AppData\Local\MFAData
2014-10-05 22:54 - 2014-10-05 22:54 - 04961594 _____ () C:\Users\Jason\Downloads\TwistedFate.zip
2014-10-05 22:53 - 2014-10-05 22:54 - 04114380 _____ () C:\Users\Jason\Downloads\BilgewaterSwain.zip
2014-10-05 22:53 - 2014-10-05 22:53 - 07501342 _____ () C:\Users\Jason\Downloads\BanditSivir.zip
2014-10-05 22:52 - 2014-10-05 22:53 - 05945047 _____ () C:\Users\Jason\Downloads\Morgana.zip
2014-10-05 22:52 - 2014-10-05 22:53 - 04289608 _____ () C:\Users\Jason\Downloads\Nidalee.zip
2014-10-05 22:52 - 2014-10-05 22:52 - 04251968 _____ () C:\Users\Jason\Downloads\IronSolariLeona.zip
2014-10-05 22:52 - 2014-10-05 22:52 - 03662734 _____ () C:\Users\Jason\Downloads\SorceressLux.zip
2014-10-05 22:52 - 2014-10-05 22:52 - 03113379 _____ () C:\Users\Jason\Downloads\GrimReaperKarthus.zip
2014-10-05 22:36 - 2014-10-05 22:36 - 00275360 _____ (Microsoft Corporation) C:\Windows\system32\DreamScene.dll
2014-10-05 22:34 - 2014-10-05 22:34 - 02400768 _____ () C:\Users\Jason\Downloads\dreamsceneseven.exe
2014-10-05 22:34 - 2014-10-05 22:34 - 00001100 _____ () C:\Users\Public\Desktop\DreamScene Seven.lnk
2014-10-05 22:34 - 2014-10-05 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreamScene Seven
2014-10-05 22:34 - 2014-10-05 22:34 - 00000000 ____D () C:\Program Files (x86)\DreamScene Seven
2014-10-05 22:33 - 2014-10-05 22:33 - 02352509 _____ () C:\Users\Jason\Downloads\Vi.wmv
2014-10-05 22:33 - 2014-10-05 22:33 - 02058115 _____ () C:\Users\Jason\Downloads\Rengar.wmv
2014-10-05 22:33 - 2014-10-05 22:33 - 02022909 _____ () C:\Users\Jason\Downloads\Syndra.wmv
2014-10-05 22:33 - 2014-10-05 22:33 - 01750909 _____ () C:\Users\Jason\Downloads\Zed.wmv
2014-10-05 22:33 - 2014-10-05 22:33 - 01421309 _____ () C:\Users\Jason\Downloads\Zyra.wmv
2014-10-05 22:32 - 2014-10-05 22:33 - 01990903 _____ () C:\Users\Jason\Downloads\Pulsefire Ezreal.wmv
2014-10-05 22:32 - 2014-10-05 22:32 - 03677309 _____ () C:\Users\Jason\Downloads\Nami.wmv
2014-10-05 22:32 - 2014-10-05 22:32 - 01709309 _____ () C:\Users\Jason\Downloads\Lissandra.wmv
2014-10-05 22:32 - 2014-10-05 22:32 - 01558909 _____ () C:\Users\Jason\Downloads\KhaZix.wmv
2014-10-05 22:32 - 2014-10-05 22:32 - 01325309 _____ () C:\Users\Jason\Downloads\Diana.wmv
2014-10-05 22:32 - 2014-10-05 22:32 - 00915709 _____ () C:\Users\Jason\Downloads\Elise.wmv
2014-10-05 22:31 - 2014-10-05 22:31 - 02816509 _____ () C:\Users\Jason\Downloads\Aether Wing Kayle.wmv
2014-10-05 22:31 - 2014-10-05 22:31 - 01981309 _____ () C:\Users\Jason\Downloads\Aatrox.wmv
2014-10-05 22:31 - 2014-10-05 22:31 - 01837333 _____ () C:\Users\Jason\Downloads\Ahri.wmv
2014-10-05 20:18 - 2014-10-06 18:47 - 00000000 ____D () C:\ProgramData\DIscOeUntLoCatorr
2014-10-04 22:56 - 2014-10-04 22:57 - 22897542 _____ () C:\Users\Jason\Downloads\loginYasuo.rar
2014-10-03 22:57 - 2014-10-03 22:57 - 00000000 ____D () C:\Users\Jason\Documents\backup
2014-10-02 02:59 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-02 02:59 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 01:59 - 2014-10-10 10:16 - 00000004 _____ () C:\Users\Jason\AppData\Roaming\appdataFr2.bin
2014-09-28 04:53 - 2014-09-28 04:53 - 00000000 ____D () C:\ProgramData\SuperManCoupon
2014-09-23 23:11 - 2014-09-23 23:11 - 00000000 ____D () C:\Program Files (x86)\saveer biox
2014-09-23 22:32 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 22:32 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 13:17 - 2014-09-23 13:17 - 00000000 ___RD () C:\Users\Jason\SkyDrive
2014-09-23 13:17 - 2014-09-23 13:17 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive
2014-09-23 13:17 - 2014-09-23 13:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2014-09-23 13:15 - 2014-09-23 13:15 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-09-23 13:13 - 2014-09-29 02:03 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-23 13:13 - 2014-09-23 13:13 - 01054904 _____ (Microsoft Corporation) C:\Users\Jason\Downloads\Setup.X86.en-US_O365HomePremRetail_134e06ff-9747-49d4-b1c0-e2157494e3b9_TX_PR_.exe
2014-09-23 13:06 - 2014-09-23 13:06 - 00478756 _____ () C:\Users\Jason\Downloads\FMLA Request (1).zip
2014-09-22 09:08 - 2014-09-22 09:08 - 00478756 _____ () C:\Users\Jason\Downloads\FMLA Request.zip
2014-09-21 22:19 - 2014-10-05 20:18 - 00000000 ____D () C:\ProgramData\440cd4d6acb049e3
2014-09-21 22:18 - 2014-09-24 06:35 - 00000000 ____D () C:\ProgramData\saveer biox
2014-09-21 22:09 - 2014-10-06 17:11 - 00000000 ____D () C:\ProgramData\Performance Optimizer
2014-09-20 03:29 - 2014-09-20 03:29 - 04862664 _____ (AVAST Software) C:\Users\Jason\Downloads\avast_free_antivirus_setup_online.exe
2014-09-20 03:27 - 2014-09-20 03:28 - 12789816 _____ () C:\Users\Jason\Downloads\Warriors-MP3.zip
2014-09-20 01:33 - 2014-09-20 01:33 - 00000000 ____D () C:\Users\Jason\AppData\Local\BigHugeEngine
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-19 22:42 - 2009-07-13 21:51 - 00061785 _____ () C:\Windows\setupact.log
2014-10-19 22:31 - 2014-07-20 06:28 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Skype
2014-10-19 22:26 - 2014-04-01 17:28 - 01324493 _____ () C:\Windows\WindowsUpdate.log
2014-10-19 22:25 - 2014-07-25 00:38 - 00000000 ____D () C:\Users\Jason\AppData\Local\LogMeIn Hamachi
2014-10-19 22:13 - 2014-07-20 06:07 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-19 22:13 - 2014-04-01 17:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-19 19:14 - 2014-07-20 06:10 - 00003460 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-10-19 11:58 - 2014-09-14 06:23 - 00000000 ____D () C:\ProgramData\Kodak
2014-10-19 11:58 - 2014-07-20 06:07 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-17 12:13 - 2014-07-20 06:06 - 00000000 ____D () C:\Users\Jason\AppData\Local\Deployment
2014-10-16 23:19 - 2009-07-13 21:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-16 23:19 - 2009-07-13 21:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-16 23:18 - 2014-04-01 17:58 - 00000000 ____D () C:\Program Files (x86)\AlienRespawn
2014-10-16 23:10 - 2014-04-01 17:48 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-16 23:10 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 18:29 - 2014-07-24 07:06 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\TS3Client
2014-10-16 08:11 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-10-14 22:24 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-14 22:24 - 2009-07-13 21:45 - 00446456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-14 22:19 - 2014-07-21 06:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-14 22:19 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-14 22:19 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-14 20:22 - 2014-07-31 00:42 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Curse Client
2014-10-14 05:08 - 2010-11-20 20:47 - 00282246 _____ () C:\Windows\PFRO.log
2014-10-13 14:44 - 2014-09-18 18:06 - 00000000 ____D () C:\Users\Jason\AppData\Local\CrashDumps
2014-10-12 05:01 - 2014-07-20 06:01 - 00000000 ____D () C:\Users\Jason
2014-10-10 22:58 - 2014-07-20 06:27 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-10 22:58 - 2014-07-20 06:27 - 00000000 ____D () C:\ProgramData\Skype
2014-10-10 05:19 - 2014-07-20 06:21 - 00000000 ____D () C:\Users\Jason\AppData\Local\Battle.net
2014-10-10 00:47 - 2014-07-20 06:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-09 16:21 - 2009-07-13 22:13 - 00783606 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-08 08:16 - 2014-07-20 06:20 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-06 18:55 - 2014-08-29 00:15 - 00000000 ____D () C:\Users\Jason\Desktop\New folder (3)
2014-10-06 04:17 - 2014-08-02 00:29 - 00001608 _____ () C:\Windows\Sandboxie.ini
2014-10-05 22:26 - 2009-07-13 22:08 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-29 02:02 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-24 05:11 - 2014-04-01 17:28 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 05:11 - 2014-04-01 17:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 05:11 - 2014-04-01 17:28 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 01:47 - 2014-09-01 22:32 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Mumble
2014-09-23 23:15 - 2014-07-20 09:15 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-09-23 15:45 - 2014-07-20 06:03 - 00113000 _____ () C:\Users\Jason\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-23 13:14 - 2014-07-20 06:03 - 00000000 ____D () C:\Users\Jason\AppData\Local\VirtualStore
2014-09-23 13:08 - 2014-07-20 18:20 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-09-22 17:22 - 2014-07-20 08:30 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-09-21 22:11 - 2014-08-29 19:19 - 00000000 ____D () C:\ProgramData\374311380
2014-09-20 01:33 - 2014-07-20 06:15 - 00045035 _____ () C:\Windows\DirectX.log
2014-09-20 01:33 - 2014-07-20 06:14 - 00000000 ____D () C:\Users\Jason\Documents\My Games
 
Files to move or delete:
====================
C:\Users\Jason\jagex_cl_oldschool_LIVE.dat
C:\Users\Jason\jagex_cl_runescape_LIVE.dat
C:\Users\Jason\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Jason\AppData\Local\Temp\a458b676.exe
C:\Users\Jason\AppData\Local\Temp\dlLogic.exe
C:\Users\Jason\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.4-R2.0-b2918jnks.dll
C:\Users\Jason\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Jason\AppData\Local\Temp\nseA627.exe
C:\Users\Jason\AppData\Local\Temp\nsiEC08.exe
C:\Users\Jason\AppData\Local\Temp\nso7F13.exe
C:\Users\Jason\AppData\Local\Temp\nst7C25.exe
C:\Users\Jason\AppData\Local\Temp\nstA28D.exe
C:\Users\Jason\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Jason\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 08:03
 
==================== End Of Log ============================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-10-2014
Ran by Jason at 2014-10-19 22:43:21
Running from C:\Users\Jason\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABC Roster 1.9.3 (HKLM-x32\...\{0857D689-29BB-4570-B2CB-4A1541F3A88A}_is1) (Version:  - )
Accidental Damage Services Agreement (HKLM-x32\...\{330B7AAD-B2FE-4989-B02A-DDA5A174FCDF}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
AlienAutopsy (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Alienware)
Alienware Command Center (HKLM-x32\...\InstallShield_{D4CE21D4-27E5-46DB-9FFE-553A90AD4B9F}) (Version: 3.5.14.0 - Alienware Corp.)
Alienware Command Center (Version: 3.5.14.0 - Alienware Corp.) Hidden
Alienware Customer Surveys (HKLM-x32\...\{9AAA35D1-B21D-4610-BBAE-18FE2D00C3E0}) (Version: 1.11.4124 - Dell Inc.)
Alienware Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.11C - )
Alienware On-Screen Display (x32 Version: 0.33.0.11C - ) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4181 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
Banctec Service Agreement (HKLM-x32\...\{BD4B02C1-0271-4D7D-A850-19DE2E5CDF83}) (Version: 2.0.0 - Dell Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.181 - Broadcom Corporation)
center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
CompleteCare Business Service Agreement (HKLM-x32\...\{83E499FA-E6AA-47F9-80F2-1E0109E49397}) (Version: 2.0.0 - Dell Inc.)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
Dell InHome Service Agreement (HKLM-x32\...\{41AA8F20-FD30-4878-9080-6D5BE575FD41}) (Version: 2.0.0 - Dell Inc.)
DHS Service Agreement (HKLM-x32\...\{BE7FC743-CC74-4977-82DD-CD4FC7EF74B6}) (Version: 2.0.0 - Dell Inc.)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dizzel (HKLM-x32\...\Steam App 315640) (Version:  - NSStudio)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
DreamScene Seven version 1.6 (HKLM-x32\...\{2367FAB6-057A-4973-875F-F57F7BBBA363}_is1) (Version: 1.6 - DREAMSCENESEVEN.COM)
DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
EMSC (x32 Version: 0.0.0.25 - Compal Electronics, Inc.) Hidden
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Firefall (HKLM-x32\...\Steam App 227700) (Version:  - Red 5 Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3324 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.7.1002 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.0.7.1002 - Intel Corporation) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Kingdoms of Amalur: Reckoning™ (HKLM-x32\...\Steam App 102500) (Version:  - Big Huge Games)
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.9 - www.leaguereplays.com)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.15.2 (Version: 1.15.2 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0927 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
osu! (HKLM-x32\...\{864d02a5-a808-4e8c-9b54-be252d18180d}) (Version: latest - ppy Pty Ltd)
Performance Optimizer (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{892cc6a3}) (Version:  - Linker Ltd) <==== ATTENTION
Premium Service Agreement (HKLM-x32\...\{A74168E5-C3F7-4809-85D3-145C64A4CFCC}) (Version: 2.0.0 - Dell Inc.)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
QualxServ Service Agreement (HKLM-x32\...\{18401E1E-1E44-461A-A4B2-E48B1A727818}) (Version: 2.0.0 - Dell Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - )
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6876 - Realtek Semiconductor Corp.)
RIFT™ (HKLM-x32\...\Steam App 39120) (Version:  - Trion Worlds)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SuperManCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - SuperManCoupon) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.8.62 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}) (Version: 1.6 - En Masse Entertainment)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Toontown Rewritten (HKLM-x32\...\Toontown Rewritten) (Version: 00.00.00.00 - The TTR Team)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4800 - Broadcom Corporation)
WinRAR 5.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2136795737-589673086-1470654499-1001_Classes\CLSID\{6b6011d6-da0f-4779-9139-6fb80ebeb71a}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {19615882-43FA-49CE-BB90-ABCFED0BA828} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\AlienAutopsy\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {3341DBD8-E889-477E-BA15-D02490346EDC} - System32\Tasks\Dell\Alienware Survey (Jason) => C:\Program Files (x86)\Alienware Customer Surveys\AlienSurvey.exe [2013-04-23] (Alienware, Inc.)
Task: {421FCE1A-8FD7-4613-83AC-F7E546BDCFDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {6E673826-8528-4B8D-B080-4DA7AD6EB906} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {B6B2D09F-0569-49BC-B992-FE45DFCCC781} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-20] (Google Inc.)
Task: {E44D2E04-A5E8-4DA5-8FC9-31D908CCFB83} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\AlienAutopsy\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {E687344B-440D-4CD5-8E1C-C756142280E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-20] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-01 17:47 - 2013-10-23 01:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-01 17:58 - 2013-08-19 07:21 - 00020256 _____ () C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIcon.dll
2014-04-01 17:58 - 2013-08-19 07:21 - 00019232 _____ () C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayNotBackuped.dll
2014-09-21 22:09 - 2014-09-21 22:09 - 04303360 _____ () C:\ProgramData\Performance Optimizer\PerformanceOptimizer_x64.dll
2014-05-25 07:18 - 2014-05-25 07:18 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2014-05-25 07:18 - 2014-05-25 07:18 - 00747192 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2013-11-15 15:17 - 2013-11-15 15:17 - 04593968 _____ () C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
2014-10-10 10:16 - 2014-10-10 10:16 - 00016384 ____N () C:\Users\Jason\AppData\Local\Apps\2.0\XVLA9Y8O.B4A\YMXBL2HO.L9J\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.WowDb.dll
2014-09-04 01:07 - 2014-09-04 01:06 - 00035840 _____ () C:\Users\Jason\AppData\Local\Apps\2.0\XVLA9Y8O.B4A\YMXBL2HO.L9J\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.Advertising.dll
2014-10-10 10:16 - 2014-10-10 10:16 - 00099840 ____N () C:\Users\Jason\AppData\Local\Apps\2.0\XVLA9Y8O.B4A\YMXBL2HO.L9J\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.CMOD2.dll
2014-04-01 17:58 - 2013-11-21 15:22 - 00484880 _____ () C:\Program Files (x86)\AlienRespawn\Components\Shell\DBRCrawler.exe
2009-12-18 09:07 - 2009-12-18 09:07 - 00577536 _____ () C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll
2014-04-10 14:30 - 2014-04-10 14:30 - 00134664 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-04-01 17:41 - 2013-03-12 01:20 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-04-01 17:58 - 2013-11-21 13:00 - 01904928 _____ () C:\Program Files (x86)\AlienRespawn\Components\Restore\STRestoreAPI.dll
2014-04-01 17:58 - 2012-11-25 20:20 - 01153384 _____ () C:\Program Files (x86)\AlienRespawn\Components\Restore\libxml2.dll
2014-04-01 17:58 - 2012-11-25 20:20 - 00117608 _____ () C:\Program Files (x86)\AlienRespawn\Components\Restore\zlib1.dll
2014-05-19 17:04 - 2014-05-19 17:04 - 00307712 _____ () C:\Users\Jason\AppData\Roaming\Curse Client\Bin\opus.dll
2014-05-19 17:05 - 2014-05-19 17:05 - 00437248 _____ () C:\Users\Jason\AppData\Roaming\Curse Client\Bin\WebRTC_CSharpWrapper.dll
2014-09-12 20:15 - 2014-09-03 20:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-12 20:15 - 2014-09-03 20:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-12 20:15 - 2014-09-03 20:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-12 20:15 - 2014-09-03 20:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-12 20:15 - 2014-09-03 20:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2136795737-589673086-1470654499-500 - Administrator - Disabled)
Guest (S-1-5-21-2136795737-589673086-1470654499-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2136795737-589673086-1470654499-1003 - Limited - Enabled)
Jason (S-1-5-21-2136795737-589673086-1470654499-1001 - Administrator - Enabled) => C:\Users\Jason
UpdatusUser (S-1-5-21-2136795737-589673086-1470654499-1000 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Generic PnP Monitor
Description: Generic PnP Monitor
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard monitor types)
Service: monitor
Problem: : Windows cannot load the device driver for this hardware because a previous instance of the device driver is still in memory. (Code 38)
Resolution: The driver could not be loaded because a previous instance is still loaded.
Restart the computer.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/18/2014 00:59:53 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
 
Error: (10/16/2014 11:11:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/16/2014 08:10:37 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
 
Error: (10/16/2014 04:55:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/16/2014 04:09:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LolClient.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 18a0
 
Start Time: 01cfe9085eb8ab67
 
Termination Time: 7
 
Application Path: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.113\deploy\LolClient.exe
 
Report Id: d9c37197-5524-11e4-9c2e-6c71d9c28193
 
Error: (10/15/2014 10:32:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/15/2014 10:13:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/14/2014 11:24:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/14/2014 11:16:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rads_user_kernel.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2518
 
Start Time: 01cfe83f671655c6
 
Termination Time: 1
 
Application Path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
 
Report Id: b1ae43c4-5432-11e4-a115-6c71d9c28193
 
Error: (10/14/2014 11:15:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rads_user_kernel.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 27e0
 
Start Time: 01cfe83f2bc4c455
 
Termination Time: 0
 
Application Path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
 
Report Id: a2d8371a-5432-11e4-a115-6c71d9c28193
 
 
System errors:
=============
Error: (10/18/2014 06:33:15 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer SAVEAIRHEAD
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{40F303F9-B704-49C8-9D4D-BA6E82625372}.
The master browser is stopping or an election is being forced.
 
Error: (10/18/2014 02:27:54 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 25.65.44.219.
The computer with the IP address 25.45.161.7 did not allow the name to be claimed by
this computer.
 
Error: (10/17/2014 06:09:12 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer CURTIS-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{40F303F9-B704-49C8-9D4D-BA6E82625372}.
The master browser is stopping or an election is being forced.
 
Error: (10/16/2014 05:41:04 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 25.65.44.219.
The computer with the IP address 25.35.113.107 did not allow the name to be claimed by
this computer.
 
Error: (10/16/2014 07:42:57 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer SAVEAIRHEAD
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{40F303F9-B704-49C8-9D4D-BA6E82625372}.
The master browser is stopping or an election is being forced.
 
Error: (10/14/2014 10:37:55 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer CURTIS-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{40F303F9-B704-49C8-9D4D-BA6E82625372}.
The master browser is stopping or an election is being forced.
 
Error: (10/14/2014 10:27:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2952664).
 
Error: (10/14/2014 10:22:34 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
 
Reported by component: Processor Core
Error Source: 3
Error Type: 9
Processor ID: 0
 
The details view of this entry contains further information.
 
Error: (10/14/2014 05:08:36 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:07:23 AM on ‎10/‎14/‎2014 was unexpected.
 
Error: (10/13/2014 09:43:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
 
Microsoft Office Sessions:
=========================
Error: (10/18/2014 00:59:53 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422
 
Error: (10/16/2014 11:11:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/16/2014 08:10:37 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422
 
Error: (10/16/2014 04:55:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/16/2014 04:09:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LolClient.exe0.0.0.018a001cfe9085eb8ab677C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.113\deploy\LolClient.exed9c37197-5524-11e4-9c2e-6c71d9c28193
 
Error: (10/15/2014 10:32:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/15/2014 10:13:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/14/2014 11:24:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/14/2014 11:16:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rads_user_kernel.exe0.0.0.0251801cfe83f671655c61C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeb1ae43c4-5432-11e4-a115-6c71d9c28193
 
Error: (10/14/2014 11:15:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rads_user_kernel.exe0.0.0.027e001cfe83f2bc4c4550C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exea2d8371a-5432-11e4-a115-6c71d9c28193
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 40%
Total physical RAM: 8077.06 MB
Available physical RAM: 4802.55 MB
Total Pagefile: 16152.3 MB
Available Pagefile: 10736.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:455.52 GB) (Free:168.36 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:10.2 GB) (Free:2.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 370BB200)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 xXEdgeXx10

xXEdgeXx10
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 20 October 2014 - 01:00 AM

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-19 22:59:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000069 ATA_____ rev.DEM7 465.76GB
Running: gwtpdnrh.exe; Driver: C:\Users\Jason\AppData\Local\Temp\pgloypog.sys
 
---- Processes - GMER 2.1 ----
 
Library  C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL (*** suspicious ***) @ C:\Windows\System32\rundll32.exe [4408](2014-09-22 05:09:51)                                                                                                                              000007fef0280000
Library  C:\ProgramData\Razer\Synapse\Devices\RazerConfigNative.dll (*** suspicious ***) @ C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [5488] (Razer Configurator/Razer Inc.)(2014-07-07 09:37:22)                                                   000000005d3b0000
Library  C:\Users\Jason\AppData\Roaming\Curse Client\Bin\opus.dll (*** suspicious ***) @ C:\Users\Jason\AppData\Roaming\Curse Client\Bin\Curse.exe [15964](2014-05-20 00:04:42)                                                                             000000005cee0000
Library  C:\Users\Jason\AppData\Roaming\Curse Client\Bin\WebRTC_CSharpWrapper.dll (*** suspicious ***) @ C:\Users\Jason\AppData\Roaming\Curse Client\Bin\Curse.exe [15964](2014-05-20 00:05:14)                                                             000000005cdc0000
Library  C:\Users\Jason\AppData\Roaming\Curse Client\Bin\System.Data.SQLite.dll (*** suspicious ***) @ C:\Users\Jason\AppData\Roaming\Curse Client\Bin\Curse.exe [15964] (System.Data.SQLite Interop Assembly/Robert Simpson, et al.)(2014-10-15 03:22:51)  000000000f910000
Library  C:\Users\Jason\AppData\Roaming\Curse Client\Bin\EasyHook32.dll (*** suspicious ***) @ C:\Users\Jason\AppData\Roaming\Curse Client\Bin\Curse.exe [15964] (EasyHook Native DLL (32-bit) (beta) - r73841/easyhook.codeplex.com)(2014-06-13 21:37:24)  0000000056e60000
Library  C:\ProgramData\Kodak\Installer\Kengine.dll (*** suspicious ***) @ C:\ProgramData\Kodak\Installer\Setup.exe [11728] (Kodak Printer Installer/Eastman Kodak Company)(2014-09-14 13:26:59)                                                            0000000054640000
Library  C:\ProgramData\Kodak\Installer\Utilities.dll (*** suspicious ***) @ C:\ProgramData\Kodak\Installer\Setup.exe [11728] (Kodak Printer Installer/Eastman Kodak Company)(2014-09-14 13:26:59)                                                          0000000056fc0000
Library  C:\ProgramData\Kodak\Installer\Serializable.dll (*** suspicious ***) @ C:\ProgramData\Kodak\Installer\Setup.exe [11728] (Kodak Printer Installer/Eastman Kodak Company)(2014-09-14 13:26:59)                                                       000000005eaf0000
Library  C:\ProgramData\Kodak\Installer\Serializable.XmlSerializers.dll (*** suspicious ***) @ C:\ProgramData\Kodak\Installer\Setup.exe [11728] (Kodak Printer Installer/Eastman Kodak Company)(2014-09-14 13:26:59)                                        000000005ce90000
Library  C:\ProgramData\Kodak\Installer\Evaluator.dll (*** suspicious ***) @ C:\ProgramData\Kodak\Installer\Setup.exe [11728] (Kodak Printer Installer/Eastman Kodak Company)(2014-09-14 13:26:59)                                                          000000005a600000
Library  C:\ProgramData\Kodak\Installer\Snowplow.dll (*** suspicious ***) @ C:\ProgramData\Kodak\Installer\Setup.exe [11728] (Kodak Printer Installer/Eastman Kodak Company)(2014-09-14 13:26:59)                                                           00000000503c0000
Library  C:\ProgramData\Kodak\Installer\Download.dll (*** suspicious ***) @ C:\ProgramData\Kodak\Installer\Setup.exe [11728] (Kodak Printer Installer/Eastman Kodak Company)(2014-09-14 13:26:59)                                                           000000005a5e0000
Library  C:\ProgramData\Kodak\Installer\products\KODAK AiO Home Center\Resources.dll (*** suspicious ***) @ C:\ProgramData\Kodak\Installer\Setup.exe [11728] (Kodak Printer Installer/Eastman Kodak Company)(2014-09-14 13:26:59)                           0000000053e00000
Library  C:\ProgramData\Kodak\Installer\Extension.dll (*** suspicious ***) @ C:\ProgramData\Kodak\Installer\Setup.exe [11728] (Kodak Printer Installer/Eastman Kodak Company)(2014-09-14 13:26:59)                                                          0000000057050000
 
---- Registry - GMER 2.1 ----
 
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\6c71d9c28193                                                                                                                                                                        
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\6c71d9c28193 (not active ControlSet)                                                                                                                                                    
 
---- EOF - GMER 2.1 ----


#6 xXEdgeXx10

xXEdgeXx10
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 20 October 2014 - 01:06 AM

  • TDSSKiller.3.0.0.40_19.10.2014_23.02.03_log.txt

    Upload Skipped (No file was selected for upload)

is what im getting when i try to upload the last log



#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:33 PM

Posted 21 October 2014 - 08:03 AM

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an altenate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    ISuperManCoupon
    
    Performance Optimizer
    
    
    
    
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

 

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#8 xXEdgeXx10

xXEdgeXx10
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 21 October 2014 - 11:45 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2014
Ran by Jason at 2014-10-21 21:41:02 Run:1
Running from C:\Users\Jason\Downloads
Loaded Profiles: UpdatusUser & Jason (Available profiles: UpdatusUser & Jason)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-09-28 04:53 - 2014-09-28 04:53 - 00000000 ____D () C:\ProgramData\SuperManCoupon
2014-09-23 23:11 - 2014-09-23 23:11 - 00000000 ____D () C:\Program Files (x86)\saveer biox
C:\Users\Jason\jagex_cl_oldschool_LIVE.dat
C:\Users\Jason\jagex_cl_runescape_LIVE.dat
C:\Users\Jason\random.dat
2014-09-21 22:19 - 2014-10-05 20:18 - 00000000 ____D () C:\ProgramData\440cd4d6acb049e3
2014-09-21 22:18 - 2014-09-24 06:35 - 00000000 ____D () C:\ProgramData\saveer biox
2014-09-21 22:09 - 2014-10-06 17:11 - 00000000 ____D () C:\ProgramData\Performance Optimizer
 
EmptyTemp:
*****************
 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"C:\ProgramData\SuperManCoupon" => File/Directory not found.
C:\Program Files (x86)\saveer biox => Moved successfully.
C:\Users\Jason\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\Jason\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Jason\random.dat => Moved successfully.
C:\ProgramData\440cd4d6acb049e3 => Moved successfully.
C:\ProgramData\saveer biox => Moved successfully.
C:\ProgramData\Performance Optimizer => Moved successfully.
EmptyTemp: => Removed 1.5 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#9 xXEdgeXx10

xXEdgeXx10
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 22 October 2014 - 05:39 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/22/2014
Scan Time: 02:27:40
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.22.03
Rootkit Database: v2014.10.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jason
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349784
Time Elapsed: 7 min, 28 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.EasyLife.A, C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://searchy.easylifeapp.com/",), Replaced,[01baf423a5d70432a04d4615da2bcb35]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#10 xXEdgeXx10

xXEdgeXx10
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 23 October 2014 - 06:47 AM

here is another one a day later it found the same item, so whatever it is its re installing itself
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/23/2014
Scan Time: 02:13:14
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.23.02
Rootkit Database: v2014.10.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jason
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350413
Time Elapsed: 8 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.EasyLife.A, C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://searchy.easylifeapp.com/",), Replaced,[170782969ede3afcfb65e07dec197b85]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#11 xXEdgeXx10

xXEdgeXx10
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 26 October 2014 - 12:33 AM

bump



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,731 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:33 AM

Posted 28 October 2014 - 06:45 PM

Greetings xXEdgeXx10,

I apologize for the delay and I am now on board to help you. Please allow me just a bit of time to catch up on things and then we will be ready to continue on. Won't take me long....

Gary
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,731 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:33 AM

Posted 28 October 2014 - 07:18 PM

Thanks for your patience.

Have you tested any other browsers for the same behavior?

Please do these things for me including attaching the TDSSKiller log.

===================================================

How to Attach a File to Your Reply

--------------------
  • If necessary click the More Reply Options button in the lower right hand corner of the Reply to this topic section of the Post
  • In the lower left hand corner you should see a Browse button under Attach Files
  • Click the Browse button and a new window will open
  • Navigate to and double click on the file you want to attach
  • Once the file path is entered into the box click Attach This File
  • If successful, you will see the file name appear above Attach Files with a green check mark to the left
  • When you are done with your message and hit Reply the file will automatically be attached to your reply
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Rerun FRST making sure there is a check mark in Addition.txt and copy/paste both documents in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Other broswer behavior?
  • AdwCleaner log
  • Junkware log
  • FRST logs (2)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 xXEdgeXx10

xXEdgeXx10
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 29 October 2014 - 04:23 PM

  • TDSSKiller.3.0.0.40_19.10.2014_23.02.03_log.txt

    Upload Skipped (No file was selected for upload)

this is what i see when i try to attach the file

 

also i do not use any other browsers.


Edited by xXEdgeXx10, 29 October 2014 - 04:33 PM.


#15 xXEdgeXx10

xXEdgeXx10
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 29 October 2014 - 04:33 PM

# AdwCleaner v4.002 - Report created 29/10/2014 at 14:27:28
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jason - JASON-PC
# Running from : C:\Users\Jason\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Jason\Documents\Optimizer Pro
Folder Deleted : C:\ProgramData\DIscOeUntLoCatorr
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\DiscouNTLocator.DiscouNTLocator
Key Deleted : HKLM\SOFTWARE\Classes\DiscouNTLocator.DiscouNTLocator.3.15
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B649757-E5D5-6F37-1D8D-CBD896F3C129}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6F62BAB8-6CF4-47EB-8723-CADE7C95745B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B649757-E5D5-6F37-1D8D-CBD896F3C129}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F62BAB8-6CF4-47EB-8723-CADE7C95745B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3B649757-E5D5-6F37-1D8D-CBD896F3C129}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\SweetIM
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Google Chrome v38.0.2125.111
 
 
*************************
 
AdwCleaner[R0].txt - [4406 octets] - [29/10/2014 14:24:56]
AdwCleaner[S0].txt - [3969 octets] - [29/10/2014 14:27:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4029 octets] ##########





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users