Acquired Cryptowall 2, need help in total removal.


  • This topic is locked
21 replies to this topic

#1 iSpartan24

iSpartan24

  • Members
  • 10 posts

Posted 16 October 2014 - 10:19 PM

Hi there! My machine came down with this virus, which I've read is relatively new. I can't seem to get rid of it 100% and would like some help before causing my machine to be too unstable. 

 

Product info:

Windows 8.1

Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Total physical RAM: 8077.54 MB
Total Virtual: 131072 MB
 
I have 24 "COM Surrogate"s running in Task Manager and ad links being blocked by avast that are apparently coming through my iexplorer file directory. 



 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,730 posts

Posted 21 October 2014 - 10:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/552281 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 iSpartan24

iSpartan24
  • Topic Starter

  • Members
  • 10 posts

Posted 22 October 2014 - 06:30 PM

DDS won't run in compatibility mode for me so I used Farbar
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by jeffg_000 (administrator) on ISPARTAN24 on 22-10-2014 18:21:15
Running from C:\Users\jeffg_000\Downloads
Loaded Profile: jeffg_000 (Available profiles: jeffg_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Flux Software LLC) C:\Users\jeffg_000\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\jeffg_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Users\jeffg_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Users\jeffg_000\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832 2012-06-07] (ASUS)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelliType Pro] => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-15] (AVAST Software)
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938624 2014-10-09] (Valve Corporation)
HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\...\Run: [iFunBoxConnector] => C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [812544 2012-11-20] ()
HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\...\Run: [f.lux] => C:\Users\jeffg_000\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-10-17] (Raptr, Inc)
HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\...\Run: [Spotify Web Helper] => C:\Users\jeffg_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-27] (Spotify Ltd)
HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\...\Run: [EADM] => D:\Origin\Origin.exe [3595608 2014-06-27] (Electronic Arts)
HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\...\Run: [Google Update] => C:\Users\jeffg_000\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-04] (Google Inc.)
HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\...\Run: [uTorrent] => C:\Users\jeffg_000\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-13] (BitTorrent Inc.)
HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
Startup: C:\Users\jeffg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jeffg_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
InternetURL: C:\Users\jeffg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INSTALL_TOR.URL -> https://paytordmbdekmizq.tor4pay.com/wY1wNo
Startup: C:\Users\jeffg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
ShortcutTarget: RollerCoaster Tycoon 3 Registration.lnk -> C:\Users\jeffg_000\AppData\Local\Temp\{65630260-9029-44B2-89F7-811CF4C1CA5C}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Before = http://asus13.msn.com
SearchScopes: HKCU - {6459D9BA-0711-4CDD-931B-7CF174E93544} URL = http://searchou.com/?q={searchTerms}&id=6a77aaa100000000000012689d9f650a&r=140
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\jeffg_000\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\jeffg_000\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\jeffg_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-15]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://g/
CHR StartupUrls: Default -> "hxxp://reddit.com/"
CHR Profile: C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-01-23]
CHR Extension: (Uneddit Reddit) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\akibhpdlinfcelalimeibjcdolmfifel [2013-03-06]
CHR Extension: (Google Drive) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-24]
CHR Extension: (Google Cast) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-07-04]
CHR Extension: (Location Guard) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfohepagpmnodfdmjliccbbigdkfcgia [2014-06-18]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-08-18]
CHR Extension: (Google Search) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-24]
CHR Extension: (Google Play Music) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-07-11]
CHR Extension: (ZenMate) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-06-18]
CHR Extension: (AdBlock) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-01-01]
CHR Extension: (Avast Online Security) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-15]
CHR Extension: (TweetDeck by Twitter) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2014-03-22]
CHR Extension: (Streamus™ (Beta!)) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnkffmindojffecdhbbmekbmkkfpmjd [2014-01-28]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-01-14]
CHR Extension: (Google Wallet) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-08]
CHR Extension: (4chan Plus) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj [2014-01-15]
CHR Extension: (Gmail) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-24]
CHR Extension: (Lounge Companion (Dota 2 & CS:GO)) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pokidbfaabncipciiigfhncfmgmdjdaj [2014-05-31]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-15] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-02-18] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-09] (Futuremark)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [14760 2013-01-01] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2013-11-14] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2013-08-21] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2014-05-29] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [189248 2014-05-29] ()
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-05] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-10-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-15] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-14] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
S3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [358400 2013-05-09] (C-Media Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39080 2014-04-08] (Razer Inc)
S3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [34984 2014-04-08] (Razer Inc)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-16] ()
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-21 18:59 - 2014-10-21 18:59 - 01962496 _____ () C:\Users\jeffg_000\Downloads\AdwCleaner (1).exe
2014-10-21 18:21 - 2014-10-21 18:42 - 00000000 ____D () C:\AdwCleaner
2014-10-21 18:20 - 2014-10-21 18:20 - 01962496 _____ () C:\Users\jeffg_000\Downloads\AdwCleaner.exe
2014-10-16 21:09 - 2014-10-16 21:13 - 00079302 _____ () C:\Users\jeffg_000\Downloads\Addition.txt
2014-10-16 20:59 - 2014-10-22 18:21 - 00043264 _____ () C:\Users\jeffg_000\Downloads\FRST.txt
2014-10-16 20:59 - 2014-10-22 18:21 - 00000000 ____D () C:\FRST
2014-10-16 20:51 - 2014-10-16 20:51 - 02112000 _____ (Farbar) C:\Users\jeffg_000\Downloads\FRST64.exe
2014-10-16 20:46 - 2014-10-16 20:46 - 01102848 _____ (Farbar) C:\Users\jeffg_000\Downloads\FRST.exe
2014-10-16 13:02 - 2014-10-16 13:02 - 00000000 ____D () C:\WINDOWS\pss
2014-10-16 12:59 - 2014-10-16 13:00 - 15725144 _____ () C:\Users\jeffg_000\Downloads\RogueKiller.exe
2014-10-16 01:44 - 2014-10-22 18:22 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\CrashDumps
2014-10-16 01:44 - 2014-10-16 14:16 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-10-16 01:43 - 2014-10-16 01:44 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-16 01:43 - 2014-10-16 01:43 - 15677528 _____ () C:\Users\jeffg_000\Desktop\RogueKiller.exe
2014-10-16 01:23 - 2014-10-16 01:23 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\jeffg_000\Downloads\mbam-setup-2.0.3.1025 (1).exe
2014-10-16 01:21 - 2014-10-16 15:02 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-16 01:20 - 2014-10-16 01:20 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-16 01:20 - 2014-10-16 01:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-16 01:20 - 2014-10-16 01:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-16 01:20 - 2014-10-16 01:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-16 01:20 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-16 01:20 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-16 01:20 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-16 01:19 - 2014-10-16 01:19 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\jeffg_000\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-15 23:32 - 2014-10-15 23:32 - 00053248 _____ () C:\WINDOWS\SysWOW64\zlib.dll
2014-10-15 23:32 - 2014-10-15 23:32 - 00001234 _____ () C:\Users\Public\Desktop\CryptoPrevent.lnk
2014-10-15 23:32 - 2014-10-15 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2014-10-15 23:32 - 2014-10-15 23:32 - 00000000 ____D () C:\ProgramData\Foolish IT
2014-10-15 23:32 - 2014-10-15 23:32 - 00000000 ____D () C:\Program Files (x86)\Foolish IT
2014-10-15 23:31 - 2014-10-15 23:31 - 00964328 _____ (Foolish IT LLC ) C:\Users\jeffg_000\Downloads\CryptoPreventSetup.exe
2014-10-15 22:38 - 2014-10-15 22:38 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\AVAST Software
2014-10-15 22:32 - 2014-10-15 22:32 - 00008518 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.HTML
2014-10-15 22:32 - 2014-10-15 22:32 - 00008518 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-10-15 22:32 - 2014-10-15 22:32 - 00004200 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-15 22:32 - 2014-10-15 22:32 - 00004200 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-10-15 22:32 - 2014-10-15 22:32 - 00000274 _____ () C:\Users\Public\INSTALL_TOR.URL
2014-10-15 22:32 - 2014-10-15 22:32 - 00000274 _____ () C:\Users\Public\Documents\INSTALL_TOR.URL
2014-10-15 22:31 - 2014-10-15 22:31 - 00008518 _____ () C:\Users\jeffg_000\DECRYPT_INSTRUCTION.HTML
2014-10-15 22:31 - 2014-10-15 22:31 - 00004200 _____ () C:\Users\jeffg_000\DECRYPT_INSTRUCTION.TXT
2014-10-15 22:31 - 2014-10-15 22:31 - 00000274 _____ () C:\Users\jeffg_000\INSTALL_TOR.URL
2014-10-15 22:26 - 2014-10-15 22:26 - 00001984 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-15 22:26 - 2014-10-15 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-10-15 22:25 - 2014-10-18 15:15 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-10-15 22:24 - 2014-10-15 22:25 - 00427360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-10-15 22:24 - 2014-10-15 22:24 - 01041168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-10-15 22:24 - 2014-10-15 22:24 - 00307344 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-10-15 22:24 - 2014-10-15 22:24 - 00224896 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-10-15 22:24 - 2014-10-15 22:24 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-10-15 22:24 - 2014-10-15 22:24 - 00092008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-10-15 22:24 - 2014-10-15 22:24 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-10-15 22:24 - 2014-10-15 22:24 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-10-15 22:24 - 2014-10-15 22:24 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-10-15 22:24 - 2014-10-15 22:24 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-10-15 22:20 - 2014-10-15 22:20 - 00000000 ____D () C:\Program Files\AVAST Software
2014-10-15 22:11 - 2014-10-15 22:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-15 22:10 - 2014-10-15 22:11 - 04862664 _____ (AVAST Software) C:\Users\jeffg_000\Downloads\avast_free_antivirus_setup_online.exe
2014-10-15 21:09 - 2014-10-15 21:09 - 00000000 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_71-b14.log
2014-10-15 17:11 - 2014-10-15 17:11 - 00008516 _____ () C:\Users\jeffg_000\Downloads\DECRYPT_INSTRUCTION.HTML
2014-10-15 17:11 - 2014-10-15 17:11 - 00004198 _____ () C:\Users\jeffg_000\Downloads\DECRYPT_INSTRUCTION.TXT
2014-10-15 17:11 - 2014-10-15 17:11 - 00000272 _____ () C:\Users\jeffg_000\Downloads\INSTALL_TOR.URL
2014-10-15 17:06 - 2014-10-15 17:06 - 00008516 _____ () C:\Users\jeffg_000\Documents\DECRYPT_INSTRUCTION.HTML
2014-10-15 17:06 - 2014-10-15 17:06 - 00004198 _____ () C:\Users\jeffg_000\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-15 17:06 - 2014-10-15 17:06 - 00000272 _____ () C:\Users\jeffg_000\Documents\INSTALL_TOR.URL
2014-10-15 16:10 - 2014-10-15 16:10 - 00008516 _____ () C:\Users\jeffg_000\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-10-15 16:10 - 2014-10-15 16:10 - 00008516 _____ () C:\Users\jeffg_000\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-15 16:10 - 2014-10-15 16:10 - 00004198 _____ () C:\Users\jeffg_000\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-15 16:10 - 2014-10-15 16:10 - 00004198 _____ () C:\Users\jeffg_000\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-15 16:10 - 2014-10-15 16:10 - 00000272 _____ () C:\Users\jeffg_000\AppData\Roaming\INSTALL_TOR.URL
2014-10-15 16:10 - 2014-10-15 16:10 - 00000272 _____ () C:\Users\jeffg_000\AppData\INSTALL_TOR.URL
2014-10-15 16:08 - 2014-10-15 16:08 - 00008516 _____ () C:\Users\jeffg_000\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-15 16:08 - 2014-10-15 16:08 - 00004198 _____ () C:\Users\jeffg_000\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-15 16:08 - 2014-10-15 16:08 - 00000272 _____ () C:\Users\jeffg_000\AppData\Local\INSTALL_TOR.URL
2014-10-15 16:06 - 2014-10-15 16:06 - 00008516 _____ () C:\Users\jeffg_000\AppData\Local\Apps\DECRYPT_INSTRUCTION.HTML
2014-10-15 16:06 - 2014-10-15 16:06 - 00004198 _____ () C:\Users\jeffg_000\AppData\Local\Apps\DECRYPT_INSTRUCTION.TXT
2014-10-15 16:06 - 2014-10-15 16:06 - 00000272 _____ () C:\Users\jeffg_000\AppData\Local\Apps\INSTALL_TOR.URL
2014-09-27 16:48 - 2014-09-24 07:47 - 50213504 _____ () C:\Users\jeffg_000\Desktop\Master ppt.pptx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-22 18:13 - 2014-07-04 19:02 - 00000894 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2458243595-2776839282-2538676139-1001Core.job
2014-10-22 18:11 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-22 18:11 - 2012-12-24 21:38 - 00000380 _____ () C:\Users\jeffg_000\AppData\Roaming\sp_data.sys
2014-10-22 02:37 - 2014-05-04 12:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-22 02:05 - 2012-12-24 22:10 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-22 02:00 - 2013-01-18 05:05 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\Adobe
2014-10-21 22:58 - 2014-01-15 12:25 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\Raptr
2014-10-21 22:21 - 2012-12-24 21:45 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2458243595-2776839282-2538676139-1001
2014-10-21 19:39 - 2014-01-08 18:05 - 01287418 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-21 18:57 - 2014-01-08 18:14 - 00000000 __RDO () C:\Users\jeffg_000\SkyDrive
2014-10-21 18:57 - 2012-12-24 22:10 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-21 18:44 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-21 18:43 - 2013-11-14 02:20 - 00039164 _____ () C:\WINDOWS\PFRO.log
2014-10-21 18:43 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-21 18:42 - 2014-01-08 17:49 - 00000000 ____D () C:\Users\jeffg_000
2014-10-21 18:32 - 2014-01-14 20:00 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{132E4911-8360-4EA4-851D-EA79DB7D8E22}
2014-10-21 18:08 - 2014-07-04 19:02 - 00003900 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2458243595-2776839282-2538676139-1001UA
2014-10-21 18:08 - 2014-07-04 19:02 - 00003520 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2458243595-2776839282-2538676139-1001Core
2014-10-21 18:08 - 2014-07-04 19:02 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2458243595-2776839282-2538676139-1001UA.job
2014-10-21 17:39 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-18 15:16 - 2014-01-15 12:25 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-10-17 03:26 - 2012-12-24 21:35 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\VirtualStore
2014-10-16 14:12 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\addins
2014-10-15 23:34 - 2014-09-18 11:55 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-15 23:34 - 2012-12-27 01:48 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\uTorrent
2014-10-15 22:32 - 2014-02-21 14:37 - 00000000 ____D () C:\Users\Public\Documents\Unity Projects
2014-10-15 21:33 - 2014-06-28 01:42 - 00000000 ____D () C:\WINDOWS\AutoKMS
2014-10-15 21:32 - 2014-01-25 20:58 - 01673728 ___SH () C:\Users\jeffg_000\Desktop\Thumbs.db
2014-10-15 21:32 - 2014-01-08 15:10 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-15 21:09 - 2012-12-25 01:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-15 20:16 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-10-15 18:41 - 2013-04-12 17:13 - 00000000 ____D () C:\Users\jeffg_000\Desktop\Movies
2014-10-15 18:24 - 2013-04-09 01:08 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\Dropbox
2014-10-15 18:13 - 2013-03-18 00:07 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\vlc
2014-10-15 18:07 - 2012-12-24 21:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-15 17:11 - 2013-04-09 01:12 - 00000000 ___RD () C:\Users\jeffg_000\Dropbox
2014-10-15 17:10 - 2014-06-27 14:41 - 00000000 ____D () C:\Users\jeffg_000\Downloads\Pink Floyd The Wall (1982)
2014-10-15 17:08 - 2014-06-27 16:13 - 00000000 ____D () C:\Users\jeffg_000\Downloads\office_2013
2014-10-15 17:07 - 2014-06-18 17:21 - 00000000 ____D () C:\Users\jeffg_000\Downloads\Deadmau5 • While (1 - 2) [2014] 320
2014-10-15 17:06 - 2014-02-21 14:50 - 00000000 ____D () C:\Users\jeffg_000\Documents\New Unity Project
2014-10-15 17:06 - 2014-02-18 18:10 - 00000000 ____D () C:\Users\jeffg_000\Documents\Visual Studio 2013
2014-10-15 17:06 - 2014-02-17 21:59 - 00000000 ____D () C:\Users\jeffg_000\Documents\Respawn
2014-10-15 17:06 - 2014-01-20 15:13 - 00000000 ____D () C:\Users\jeffg_000\Documents\PCMark 8
2014-10-15 17:06 - 2013-05-01 19:38 - 00000000 ____D () C:\Users\jeffg_000\Documents\My Games
2014-10-15 17:06 - 2013-03-16 22:58 - 00000000 ____D () C:\Users\jeffg_000\Documents\StarCraft II
2014-10-15 17:05 - 2014-09-16 13:51 - 00000000 ____D () C:\Users\jeffg_000\Documents\Kingston
2014-10-15 17:05 - 2014-06-20 01:06 - 00000000 ____D () C:\Users\jeffg_000\Documents\Klei
2014-10-15 16:55 - 2014-03-01 02:51 - 00000000 ____D () C:\Users\jeffg_000\Documents\Elder Scrolls Online
2014-10-15 16:55 - 2013-04-02 10:51 - 00000000 ____D () C:\Users\jeffg_000\Documents\3DMark
2014-10-15 16:55 - 2013-01-31 18:28 - 00000000 ____D () C:\Users\jeffg_000\Documents\iTSfv
2014-10-15 16:55 - 2013-01-24 02:42 - 00000000 ____D () C:\Users\jeffg_000\Documents\Calibre Library
2014-10-15 16:44 - 2013-01-09 21:30 - 00000000 ____D () C:\Users\jeffg_000\Desktop\Saved Pics
2014-10-15 16:43 - 2014-08-19 04:02 - 00000000 ____D () C:\Users\jeffg_000\Desktop\Return of the Jedi - Despecialized Edition
2014-10-15 16:43 - 2013-01-14 21:42 - 00000000 ____D () C:\Users\jeffg_000\Desktop\PhotoshopPortable
2014-10-15 16:43 - 2013-01-09 21:27 - 00000000 ____D () C:\Users\jeffg_000\Desktop\Photoshop PSD's
2014-10-15 16:27 - 2014-08-20 11:58 - 00000000 ____D () C:\Users\jeffg_000\Desktop\Locke
2014-10-15 16:27 - 2013-01-09 21:30 - 00000000 ____D () C:\Users\jeffg_000\Desktop\Made Pics
2014-10-15 16:25 - 2014-08-23 21:20 - 00000000 ____D () C:\Users\jeffg_000\Desktop\Doctor.Who.2005.S08E01.Deep.Breath.720p.HDTV.XviD.AC3-RARBG
2014-10-15 16:25 - 2014-08-18 04:49 - 00000000 ____D () C:\Users\jeffg_000\Desktop\Empire Strikes Back - Despecialized Edition
2014-10-15 16:25 - 2013-01-23 17:45 - 00000000 ____D () C:\Users\jeffg_000\Desktop\LearnJapanese
2014-10-15 16:21 - 2014-08-18 02:47 - 00000000 ____D () C:\Users\jeffg_000\Desktop\DeEdv2.5
2014-10-15 16:21 - 2014-02-18 16:38 - 00000000 ____D () C:\Users\jeffg_000\Desktop\C#
2014-10-15 16:17 - 2014-08-31 19:15 - 00000000 ____D () C:\Users\jeffg_000\Desktop\Big.Fish.2003.1080p.BluRay.x264.anoXmous
2014-10-15 16:11 - 2014-02-21 15:38 - 00000000 ____D () C:\Users\jeffg_000\Desktop\Ableton
2014-10-15 16:11 - 2013-05-04 21:26 - 00000000 ____D () C:\Users\jeffg_000\DDS
2014-10-15 16:10 - 2014-06-18 14:07 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\TS3Client
2014-10-15 16:10 - 2014-05-19 23:27 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\Warner Bros. Interactive Entertainment
2014-10-15 16:10 - 2014-01-20 21:10 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\Spotify
2014-10-15 16:10 - 2014-01-16 09:41 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\Skype
2014-10-15 16:10 - 2013-04-30 18:19 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\SplitMediaLabs
2014-10-15 16:10 - 2013-01-02 02:33 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\Winamp
2014-10-15 16:09 - 2014-02-21 15:46 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\Ableton
2014-10-15 16:09 - 2014-01-25 16:04 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\OBS
2014-10-15 16:09 - 2014-01-15 01:29 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\Atari
2014-10-15 16:09 - 2013-03-31 20:39 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\MediaMonkey
2014-10-15 16:09 - 2013-01-24 02:42 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\calibre
2014-10-15 16:09 - 2013-01-15 22:29 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\Adobe
2014-10-15 16:08 - 2014-01-20 21:11 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\Spotify
2014-10-15 16:08 - 2013-04-30 18:21 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\SplitMediaLabs
2014-10-15 16:08 - 2013-01-15 20:11 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\Western Digital
2014-10-15 16:08 - 2012-12-25 14:42 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\.minecraft
2014-10-15 16:07 - 2014-07-30 15:10 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\Octodad Dadliest Catch
2014-10-15 16:07 - 2014-04-28 03:30 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\Skype
2014-10-15 16:07 - 2014-02-20 19:13 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\PunkBuster
2014-10-15 16:07 - 2014-02-17 21:24 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\Origin
2014-10-15 16:07 - 2013-02-08 17:24 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\libimobiledevice
2014-10-15 16:07 - 2012-12-24 22:10 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\Google
2014-10-15 16:06 - 2014-09-16 14:56 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2014-10-15 16:06 - 2014-05-30 02:04 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-10-15 16:06 - 2013-04-30 18:20 - 00000000 ____D () C:\ProgramData\SplitMediaLabs
2014-10-15 16:06 - 2013-01-07 20:19 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\Apple Computer
2014-10-15 16:06 - 2012-12-24 21:35 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\ASUS
2014-10-15 16:05 - 2014-02-21 15:44 - 00000000 ____D () C:\ProgramData\Ableton
2014-10-15 16:05 - 2014-02-17 21:23 - 00000000 ____D () C:\ProgramData\Origin
2014-10-15 16:05 - 2013-03-16 23:22 - 00000000 ____D () C:\ProgramData\Battle.net
2014-10-08 23:54 - 2013-11-14 02:28 - 01005486 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-08 12:25 - 2013-04-09 01:12 - 00001085 _____ () C:\Users\jeffg_000\Desktop\Dropbox.lnk
2014-10-08 12:25 - 2013-04-09 01:10 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-10-02 16:05 - 2013-04-28 18:15 - 00001088 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-27 16:47 - 2013-08-22 09:46 - 00302511 _____ () C:\WINDOWS\setupact.log
2014-09-26 00:18 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-22 01:42 - 2013-02-14 05:26 - 00278152 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\jeffg_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyphkpe.dll
C:\Users\jeffg_000\AppData\Local\Temp\obupdat.exe
C:\Users\jeffg_000\AppData\Local\Temp\Quarantine.exe
C:\Users\jeffg_000\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-21 18:55
 
==================== End Of Log ============================


#4 Oh My!


Posted 26 October 2014 - 02:14 PM

Greetings iSpartan24 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me so that I can review the most current information.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Delete any existing FRST.exe file
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#5 iSpartan24


Posted 28 October 2014 - 12:55 AM

Thanks Gary! Very appreciative of what you all do here and here are the results 

FRST::

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by jeffg_000 (administrator) on ISPARTAN24 on 28-10-2014 00:49:34
Running from C:\Users\jeffg_000\Desktop
Loaded Profile: jeffg_000 (Available profiles: jeffg_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Flux Software LLC) C:\Users\jeffg_000\AppData\Local\FluxSoftware\Flux\flux.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Spotify Ltd) C:\Users\jeffg_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\jeffg_000\AppData\Local\Google\Update\GoogleUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Dropbox, Inc.) C:\Users\jeffg_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\jeffg_000\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832 2012-06-07] (ASUS)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelliType Pro] => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-15] (AVAST Software)
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938624 2014-10-09] (Valve Corporation)
HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\...\Run: [iFunBoxConnector] => C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [812544 2012-11-20] ()
HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\...\Run: [f.lux] => C:\Users\jeffg_000\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-10-17] (Raptr, Inc)
HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\...\Run: [Spotify Web Helper] => C:\Users\jeffg_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-27] (Spotify Ltd)
HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\...\Run: [EADM] => D:\Origin\Origin.exe [3595608 2014-06-27] (Electronic Arts)
HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\...\Run: [Google Update] => C:\Users\jeffg_000\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-04] (Google Inc.)
HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\...\Run: [uTorrent] => C:\Users\jeffg_000\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-13] (BitTorrent Inc.)
HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
Startup: C:\Users\jeffg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jeffg_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
InternetURL: C:\Users\jeffg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INSTALL_TOR.URL -> https://paytordmbdekmizq.tor4pay.com/wY1wNo
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Before = http://asus13.msn.com
SearchScopes: HKCU - {6459D9BA-0711-4CDD-931B-7CF174E93544} URL = http://searchou.com/?q={searchTerms}&id=6a77aaa100000000000012689d9f650a&r=140
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\jeffg_000\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\jeffg_000\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\jeffg_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-15]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://g/
CHR StartupUrls: Default -> "hxxp://reddit.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Profile: C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-01-23]
CHR Extension: (Uneddit Reddit) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\akibhpdlinfcelalimeibjcdolmfifel [2013-03-06]
CHR Extension: (Google Drive) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-24]
CHR Extension: (Google Cast) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-07-04]
CHR Extension: (Location Guard) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfohepagpmnodfdmjliccbbigdkfcgia [2014-06-18]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-08-18]
CHR Extension: (Google Search) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-24]
CHR Extension: (Google Play Music) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-07-11]
CHR Extension: (ZenMate) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-06-18]
CHR Extension: (AdBlock) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-01-01]
CHR Extension: (Avast Online Security) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-15]
CHR Extension: (TweetDeck by Twitter) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2014-03-22]
CHR Extension: (Streamus™ (Beta!)) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnkffmindojffecdhbbmekbmkkfpmjd [2014-01-28]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-01-14]
CHR Extension: (Google Wallet) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-08]
CHR Extension: (4chan Plus) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj [2014-01-15]
CHR Extension: (Gmail) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-24]
CHR Extension: (Lounge Companion (Dota 2 & CS:GO)) - C:\Users\jeffg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pokidbfaabncipciiigfhncfmgmdjdaj [2014-05-31]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-15] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-02-18] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-09] (Futuremark)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [14760 2013-01-01] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2013-11-14] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2013-08-21] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2014-05-29] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [189248 2014-05-29] ()
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-05] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-10-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-15] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-14] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
S3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [358400 2013-05-09] (C-Media Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-25] (Malwarebytes Corporation)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39080 2014-04-08] (Razer Inc)
S3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [34984 2014-04-08] (Razer Inc)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-27] ()
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-28 00:49 - 2014-10-28 00:50 - 00042633 _____ () C:\Users\jeffg_000\Desktop\FRST.txt
2014-10-28 00:48 - 2014-10-28 00:48 - 02113024 _____ (Farbar) C:\Users\jeffg_000\Desktop\FRST64 (1).exe
2014-10-28 00:45 - 2014-10-28 00:46 - 11477196 _____ () C:\Users\jeffg_000\Desktop\Summary.nfo
2014-10-24 19:00 - 2014-10-24 19:01 - 19114072 _____ () C:\Users\jeffg_000\Downloads\RogueKillerX64.exe
2014-10-21 18:59 - 2014-10-21 18:59 - 01962496 _____ () C:\Users\jeffg_000\Downloads\AdwCleaner (1).exe
2014-10-21 18:21 - 2014-10-21 18:42 - 00000000 ____D () C:\AdwCleaner
2014-10-21 18:20 - 2014-10-21 18:20 - 01962496 _____ () C:\Users\jeffg_000\Downloads\AdwCleaner.exe
2014-10-16 21:09 - 2014-10-16 21:13 - 00079302 _____ () C:\Users\jeffg_000\Downloads\Addition.txt
2014-10-16 20:59 - 2014-10-28 00:49 - 00000000 ____D () C:\FRST
2014-10-16 20:59 - 2014-10-22 18:22 - 00063159 _____ () C:\Users\jeffg_000\Downloads\FRST.txt
2014-10-16 20:51 - 2014-10-16 20:51 - 02112000 _____ (Farbar) C:\Users\jeffg_000\Downloads\FRST64.exe
2014-10-16 20:46 - 2014-10-16 20:46 - 01102848 _____ (Farbar) C:\Users\jeffg_000\Downloads\FRST.exe
2014-10-16 13:02 - 2014-10-16 13:02 - 00000000 ____D () C:\WINDOWS\pss
2014-10-16 12:59 - 2014-10-16 13:00 - 15725144 _____ () C:\Users\jeffg_000\Downloads\RogueKiller.exe
2014-10-16 01:44 - 2014-10-27 14:34 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-10-16 01:44 - 2014-10-24 19:33 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\CrashDumps
2014-10-16 01:43 - 2014-10-16 01:44 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-16 01:43 - 2014-10-16 01:43 - 15677528 _____ () C:\Users\jeffg_000\Desktop\RogueKiller.exe
2014-10-16 01:23 - 2014-10-16 01:23 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\jeffg_000\Downloads\mbam-setup-2.0.3.1025 (1).exe
2014-10-16 01:21 - 2014-10-25 03:04 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-16 01:20 - 2014-10-16 01:20 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-16 01:20 - 2014-10-16 01:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-16 01:20 - 2014-10-16 01:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-16 01:20 - 2014-10-16 01:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-16 01:20 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-16 01:20 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-16 01:20 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-16 01:19 - 2014-10-16 01:19 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\jeffg_000\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-15 23:32 - 2014-10-15 23:32 - 00053248 _____ () C:\WINDOWS\SysWOW64\zlib.dll
2014-10-15 23:32 - 2014-10-15 23:32 - 00001234 _____ () C:\Users\Public\Desktop\CryptoPrevent.lnk
2014-10-15 23:32 - 2014-10-15 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2014-10-15 23:32 - 2014-10-15 23:32 - 00000000 ____D () C:\ProgramData\Foolish IT
2014-10-15 23:32 - 2014-10-15 23:32 - 00000000 ____D () C:\Program Files (x86)\Foolish IT
2014-10-15 23:31 - 2014-10-15 23:31 - 00964328 _____ (Foolish IT LLC ) C:\Users\jeffg_000\Downloads\CryptoPreventSetup.exe
2014-10-15 22:38 - 2014-10-15 22:38 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\AVAST Software
2014-10-15 22:32 - 2014-10-15 22:32 - 00008518 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.HTML
2014-10-15 22:32 - 2014-10-15 22:32 - 00008518 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-10-15 22:32 - 2014-10-15 22:32 - 00004200 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-15 22:32 - 2014-10-15 22:32 - 00004200 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-10-15 22:32 - 2014-10-15 22:32 - 00000274 _____ () C:\Users\Public\INSTALL_TOR.URL
2014-10-15 22:32 - 2014-10-15 22:32 - 00000274 _____ () C:\Users\Public\Documents\INSTALL_TOR.URL
2014-10-15 22:31 - 2014-10-15 22:31 - 00008518 _____ () C:\Users\jeffg_000\DECRYPT_INSTRUCTION.HTML
2014-10-15 22:31 - 2014-10-15 22:31 - 00004200 _____ () C:\Users\jeffg_000\DECRYPT_INSTRUCTION.TXT
2014-10-15 22:31 - 2014-10-15 22:31 - 00000274 _____ () C:\Users\jeffg_000\INSTALL_TOR.URL
2014-10-15 22:26 - 2014-10-15 22:26 - 00001984 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-15 22:26 - 2014-10-15 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-10-15 22:25 - 2014-10-24 20:50 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-10-15 22:24 - 2014-10-15 22:25 - 00427360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-10-15 22:24 - 2014-10-15 22:24 - 01041168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-10-15 22:24 - 2014-10-15 22:24 - 00307344 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-10-15 22:24 - 2014-10-15 22:24 - 00224896 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-10-15 22:24 - 2014-10-15 22:24 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-10-15 22:24 - 2014-10-15 22:24 - 00092008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-10-15 22:24 - 2014-10-15 22:24 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-10-15 22:24 - 2014-10-15 22:24 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-10-15 22:24 - 2014-10-15 22:24 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-10-15 22:24 - 2014-10-15 22:24 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-10-15 22:20 - 2014-10-15 22:20 - 00000000 ____D () C:\Program Files\AVAST Software
2014-10-15 22:11 - 2014-10-15 22:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-15 22:10 - 2014-10-15 22:11 - 04862664 _____ (AVAST Software) C:\Users\jeffg_000\Downloads\avast_free_antivirus_setup_online.exe
2014-10-15 21:09 - 2014-10-15 21:09 - 00000000 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_71-b14.log
2014-10-15 17:11 - 2014-10-15 17:11 - 00008516 _____ () C:\Users\jeffg_000\Downloads\DECRYPT_INSTRUCTION.HTML
2014-10-15 17:11 - 2014-10-15 17:11 - 00004198 _____ () C:\Users\jeffg_000\Downloads\DECRYPT_INSTRUCTION.TXT
2014-10-15 17:11 - 2014-10-15 17:11 - 00000272 _____ () C:\Users\jeffg_000\Downloads\INSTALL_TOR.URL
2014-10-15 17:06 - 2014-10-15 17:06 - 00008516 _____ () C:\Users\jeffg_000\Documents\DECRYPT_INSTRUCTION.HTML
2014-10-15 17:06 - 2014-10-15 17:06 - 00004198 _____ () C:\Users\jeffg_000\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-15 17:06 - 2014-10-15 17:06 - 00000272 _____ () C:\Users\jeffg_000\Documents\INSTALL_TOR.URL
2014-10-15 16:10 - 2014-10-15 16:10 - 00008516 _____ () C:\Users\jeffg_000\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-10-15 16:10 - 2014-10-15 16:10 - 00008516 _____ () C:\Users\jeffg_000\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-15 16:10 - 2014-10-15 16:10 - 00004198 _____ () C:\Users\jeffg_000\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-15 16:10 - 2014-10-15 16:10 - 00004198 _____ () C:\Users\jeffg_000\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-15 16:10 - 2014-10-15 16:10 - 00000272 _____ () C:\Users\jeffg_000\AppData\Roaming\INSTALL_TOR.URL
2014-10-15 16:10 - 2014-10-15 16:10 - 00000272 _____ () C:\Users\jeffg_000\AppData\INSTALL_TOR.URL
2014-10-15 16:08 - 2014-10-15 16:08 - 00008516 _____ () C:\Users\jeffg_000\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-15 16:08 - 2014-10-15 16:08 - 00004198 _____ () C:\Users\jeffg_000\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-15 16:08 - 2014-10-15 16:08 - 00000272 _____ () C:\Users\jeffg_000\AppData\Local\INSTALL_TOR.URL
2014-10-15 16:06 - 2014-10-15 16:06 - 00008516 _____ () C:\Users\jeffg_000\AppData\Local\Apps\DECRYPT_INSTRUCTION.HTML
2014-10-15 16:06 - 2014-10-15 16:06 - 00004198 _____ () C:\Users\jeffg_000\AppData\Local\Apps\DECRYPT_INSTRUCTION.TXT
2014-10-15 16:06 - 2014-10-15 16:06 - 00000272 _____ () C:\Users\jeffg_000\AppData\Local\Apps\INSTALL_TOR.URL
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-28 00:45 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-28 00:44 - 2014-01-08 18:05 - 01377422 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-28 00:42 - 2014-01-14 20:00 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{132E4911-8360-4EA4-851D-EA79DB7D8E22}
2014-10-28 00:39 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-28 00:39 - 2012-12-24 21:38 - 00000380 _____ () C:\Users\jeffg_000\AppData\Roaming\sp_data.sys
2014-10-27 14:37 - 2014-05-04 12:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-27 14:32 - 2014-01-15 12:25 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\Raptr
2014-10-27 14:31 - 2014-01-08 18:14 - 00000000 __RDO () C:\Users\jeffg_000\SkyDrive
2014-10-27 14:30 - 2014-01-08 17:49 - 00000000 ____D () C:\Users\jeffg_000
2014-10-27 14:30 - 2012-12-24 22:10 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-27 14:10 - 2012-12-24 22:10 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 12:06 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-25 02:00 - 2013-01-18 05:05 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\Adobe
2014-10-24 21:02 - 2013-03-18 00:07 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\vlc
2014-10-24 20:46 - 2013-11-14 02:20 - 00039594 _____ () C:\WINDOWS\PFRO.log
2014-10-24 20:46 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-24 19:34 - 2014-07-04 19:02 - 00000894 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2458243595-2776839282-2538676139-1001Core.job
2014-10-22 23:36 - 2014-01-25 16:04 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\OBS
2014-10-22 23:30 - 2014-01-25 16:04 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-10-22 22:35 - 2014-01-25 20:58 - 01673728 ___SH () C:\Users\jeffg_000\Desktop\Thumbs.db
2014-10-22 19:05 - 2012-12-24 22:10 - 00003900 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-22 19:05 - 2012-12-24 22:10 - 00003664 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-21 22:21 - 2012-12-24 21:45 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2458243595-2776839282-2538676139-1001
2014-10-21 18:08 - 2014-07-04 19:02 - 00003900 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2458243595-2776839282-2538676139-1001UA
2014-10-21 18:08 - 2014-07-04 19:02 - 00003520 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2458243595-2776839282-2538676139-1001Core
2014-10-21 18:08 - 2014-07-04 19:02 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2458243595-2776839282-2538676139-1001UA.job
2014-10-18 15:16 - 2014-01-15 12:25 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-10-17 03:26 - 2012-12-24 21:35 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\VirtualStore
2014-10-16 14:12 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\addins
2014-10-15 23:34 - 2014-09-18 11:55 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-15 23:34 - 2012-12-27 01:48 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\uTorrent
2014-10-15 22:32 - 2014-02-21 14:37 - 00000000 ____D () C:\Users\Public\Documents\Unity Projects
2014-10-15 21:33 - 2014-06-28 01:42 - 00000000 ____D () C:\WINDOWS\AutoKMS
2014-10-15 21:32 - 2014-01-08 15:10 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-15 21:09 - 2012-12-25 01:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-15 20:16 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-10-15 18:41 - 2013-04-12 17:13 - 00000000 ____D () C:\Users\jeffg_000\Desktop\Movies
2014-10-15 18:24 - 2013-04-09 01:08 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\Dropbox
2014-10-15 18:07 - 2012-12-24 21:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-15 17:11 - 2013-04-09 01:12 - 00000000 ___RD () C:\Users\jeffg_000\Dropbox
2014-10-15 17:10 - 2014-06-27 14:41 - 00000000 ____D () C:\Users\jeffg_000\Downloads\Pink Floyd The Wall (1982)
2014-10-15 17:08 - 2014-06-27 16:13 - 00000000 ____D () C:\Users\jeffg_000\Downloads\office_2013
2014-10-15 17:07 - 2014-06-18 17:21 - 00000000 ____D () C:\Users\jeffg_000\Downloads\Deadmau5 • While (1 - 2) [2014] 320
2014-10-15 17:06 - 2014-02-21 14:50 - 00000000 ____D () C:\Users\jeffg_000\Documents\New Unity Project
2014-10-15 17:06 - 2014-02-18 18:10 - 00000000 ____D () C:\Users\jeffg_000\Documents\Visual Studio 2013
2014-10-15 17:06 - 2014-02-17 21:59 - 00000000 ____D () C:\Users\jeffg_000\Documents\Respawn
2014-10-15 17:06 - 2014-01-20 15:13 - 00000000 ____D () C:\Users\jeffg_000\Documents\PCMark 8
2014-10-15 17:06 - 2013-05-01 19:38 - 00000000 ____D () C:\Users\jeffg_000\Documents\My Games
2014-10-15 17:06 - 2013-03-16 22:58 - 00000000 ____D () C:\Users\jeffg_000\Documents\StarCraft II
2014-10-15 17:05 - 2014-09-16 13:51 - 00000000 ____D () C:\Users\jeffg_000\Documents\Kingston
2014-10-15 17:05 - 2014-06-20 01:06 - 00000000 ____D () C:\Users\jeffg_000\Documents\Klei
2014-10-15 16:55 - 2014-03-01 02:51 - 00000000 ____D () C:\Users\jeffg_000\Documents\Elder Scrolls Online
2014-10-15 16:55 - 2013-04-02 10:51 - 00000000 ____D () C:\Users\jeffg_000\Documents\3DMark
2014-10-15 16:55 - 2013-01-31 18:28 - 00000000 ____D () C:\Users\jeffg_000\Documents\iTSfv
2014-10-15 16:55 - 2013-01-24 02:42 - 00000000 ____D () C:\Users\jeffg_000\Documents\Calibre Library
2014-10-15 16:44 - 2013-01-09 21:30 - 00000000 ____D () C:\Users\jeffg_000\Desktop\Saved Pics
2014-10-15 16:43 - 2014-08-19 04:02 - 00000000 ____D () C:\Users\jeffg_000\Desktop\Return of the Jedi - Despecialized Edition
2014-10-15 16:43 - 2013-01-14 21:42 - 00000000 ____D () C:\Users\jeffg_000\Desktop\PhotoshopPortable
2014-10-15 16:43 - 2013-01-09 21:27 - 00000000 ____D () C:\Users\jeffg_000\Desktop\Photoshop PSD's
2014-10-15 16:27 - 2014-08-20 11:58 - 00000000 ____D () C:\Users\jeffg_000\Desktop\Locke
2014-10-15 16:27 - 2013-01-09 21:30 - 00000000 ____D () C:\Users\jeffg_000\Desktop\Made Pics
2014-10-15 16:25 - 2014-08-23 21:20 - 00000000 ____D () C:\Users\jeffg_000\Desktop\Doctor.Who.2005.S08E01.Deep.Breath.720p.HDTV.XviD.AC3-RARBG
2014-10-15 16:25 - 2014-08-18 04:49 - 00000000 ____D () C:\Users\jeffg_000\Desktop\Empire Strikes Back - Despecialized Edition
2014-10-15 16:25 - 2013-01-23 17:45 - 00000000 ____D () C:\Users\jeffg_000\Desktop\LearnJapanese
2014-10-15 16:21 - 2014-08-18 02:47 - 00000000 ____D () C:\Users\jeffg_000\Desktop\DeEdv2.5
2014-10-15 16:21 - 2014-02-18 16:38 - 00000000 ____D () C:\Users\jeffg_000\Desktop\C#
2014-10-15 16:11 - 2014-02-21 15:38 - 00000000 ____D () C:\Users\jeffg_000\Desktop\Ableton
2014-10-15 16:11 - 2013-05-04 21:26 - 00000000 ____D () C:\Users\jeffg_000\DDS
2014-10-15 16:10 - 2014-06-18 14:07 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\TS3Client
2014-10-15 16:10 - 2014-05-19 23:27 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\Warner Bros. Interactive Entertainment
2014-10-15 16:10 - 2014-01-20 21:10 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\Spotify
2014-10-15 16:10 - 2014-01-16 09:41 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\Skype
2014-10-15 16:10 - 2013-04-30 18:19 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\SplitMediaLabs
2014-10-15 16:10 - 2013-01-02 02:33 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\Winamp
2014-10-15 16:09 - 2014-02-21 15:46 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\Ableton
2014-10-15 16:09 - 2014-01-15 01:29 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\Atari
2014-10-15 16:09 - 2013-03-31 20:39 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\MediaMonkey
2014-10-15 16:09 - 2013-01-24 02:42 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\calibre
2014-10-15 16:09 - 2013-01-15 22:29 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\Adobe
2014-10-15 16:08 - 2014-01-20 21:11 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\Spotify
2014-10-15 16:08 - 2013-04-30 18:21 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\SplitMediaLabs
2014-10-15 16:08 - 2013-01-15 20:11 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\Western Digital
2014-10-15 16:08 - 2012-12-25 14:42 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\.minecraft
2014-10-15 16:07 - 2014-07-30 15:10 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\Octodad Dadliest Catch
2014-10-15 16:07 - 2014-04-28 03:30 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\Skype
2014-10-15 16:07 - 2014-02-20 19:13 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\PunkBuster
2014-10-15 16:07 - 2014-02-17 21:24 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\Origin
2014-10-15 16:07 - 2013-02-08 17:24 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\libimobiledevice
2014-10-15 16:07 - 2012-12-24 22:10 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\Google
2014-10-15 16:06 - 2014-09-16 14:56 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2014-10-15 16:06 - 2014-05-30 02:04 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-10-15 16:06 - 2013-04-30 18:20 - 00000000 ____D () C:\ProgramData\SplitMediaLabs
2014-10-15 16:06 - 2013-01-07 20:19 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\Apple Computer
2014-10-15 16:06 - 2012-12-24 21:35 - 00000000 ____D () C:\Users\jeffg_000\AppData\Local\ASUS
2014-10-15 16:05 - 2014-02-21 15:44 - 00000000 ____D () C:\ProgramData\Ableton
2014-10-15 16:05 - 2014-02-17 21:23 - 00000000 ____D () C:\ProgramData\Origin
2014-10-15 16:05 - 2013-03-16 23:22 - 00000000 ____D () C:\ProgramData\Battle.net
2014-10-08 23:54 - 2013-11-14 02:28 - 01005486 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-08 12:25 - 2013-04-09 01:12 - 00001085 _____ () C:\Users\jeffg_000\Desktop\Dropbox.lnk
2014-10-08 12:25 - 2013-04-09 01:10 - 00000000 ____D () C:\Users\jeffg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-10-02 16:05 - 2013-04-28 18:15 - 00001088 _____ () C:\Users\Public\Desktop\VLC media player.lnk
 
Some content of TEMP:
====================
C:\Users\jeffg_000\AppData\Local\Temp\dllnt_dump.dll
C:\Users\jeffg_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkzqg8c.dll
C:\Users\jeffg_000\AppData\Local\Temp\obupdat.exe
C:\Users\jeffg_000\AppData\Local\Temp\Quarantine.exe
C:\Users\jeffg_000\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-27 12:17
 
==================== End Of Log ============================
 
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by jeffg_000 at 2014-10-28 00:50:37
Running from C:\Users\jeffg_000\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
140 (HKLM-x32\...\Steam App 242820) (Version:  - Carlsen Games)
3DMark Demo (HKLM-x32\...\Steam App 231350) (Version:  - Futuremark)
Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Flash Media Encoder 2.5 (HKLM-x32\...\{63A56D6A-8AA4-4568-A9E0-790D31B2F30E}) (Version: 2.5 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - )
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - )
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.4 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0002 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.2 - Electronic Arts)
Battlefront Extreme 2.2 (HKLM-x32\...\{AFD834CA-4579-49DF-9CF0-EA58822A7C2E}_is1) (Version:  - )
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bleed v1.5.1 (HKLM-x32\...\Bleed_is1) (Version:  - Bootdisk Revolution)
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Windows Phone 8.0 (x32 Version: 3.0.30924.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Braid (HKLM-x32\...\Steam App 26800) (Version:  - Number None, Inc.)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
calibre 64bit (HKLM\...\{F1A77940-509D-4FDB-A9BE-62D6421A2A7D}) (Version: 0.9.15 - Kovid Goyal)
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
f.lux (HKCU\...\Flux) (Version:  - )
From Dust (HKLM-x32\...\Steam App 33460) (Version:  - )
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Futuremark SystemInfo (HKLM-x32\...\{4050C71E-EB43-4A8C-B6A6-778DD6F8252C}) (Version: 4.24.338 - Futuremark)
GameRanger (HKCU\...\GameRanger) (Version:  - GameRanger Technologies)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
iFunbox (v2.1.2228.731), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.1.2228.731 - )
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTSfv 5.62.1.0 (HKLM\...\iTSfv_is1) (Version: 5.62.1.0 - BetaONE)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden
JavaScript Tooling (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)
LEGO MARVEL Super Heroes (HKLM-x32\...\Steam App 249130) (Version:  - Traveller's Tales)
LIMBO (HKCU\...\Limbo) (Version:  - )
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - )
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.29989 - Microsoft) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Lone Survivor (HKLM-x32\...\Steam App 209830) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - THQ)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio Premium 2013 (HKLM-x32\...\{cbf78dde-975d-44b1-a5a1-17bdd063bf76}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
MX vs ATV Reflex (HKLM-x32\...\Steam App 55140) (Version:  - Double Helix Games)
My Game Long Name (HKLM\...\UDK-133a637d-c651-41b1-9e97-770262f0cba3) (Version:  - Epic Games, Inc.)
Next Car Game (HKLM-x32\...\Steam App 228380) (Version:  - )
Next Car Game Technology Sneak Peek 2.0 (HKLM-x32\...\Next Car Game Technology Sneak Peek) (Version:  - Bugbear Entertainment)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
Octodad: Dadliest Catch (HKLM-x32\...\Steam App 224480) (Version:  - Young Horses)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pandora (HKLM-x32\...\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1) (Version: 2.0.8 - PANDORA MEDIA, INC.)
Pandora (x32 Version: 2.0.8 - PANDORA MEDIA, INC.) Hidden
Pazera Free MP4 to AVI Converter 1.6 (HKLM-x32\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.6 - Jacek Pazera)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version:  - )
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Psychonauts (HKLM-x32\...\Steam App 3830) (Version:  - Double Fine Productions, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27024 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - Atari)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SpaceEngine version 0.9.7.1 (HKLM-x32\...\{53E413B3-2417-4BD1-984D-8C92C81C231F}_is1) (Version: 0.9.7.1 - SpaceEngine)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spore (HKLM-x32\...\Steam App 17390) (Version:  - Maxis)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - )
Super Meat Boy v1.5 (HKLM-x32\...\Super Meat Boy v1.5_is1) (Version:  - Team Meat)
Superbrothers: Sword & Sworcery EP (HKLM-x32\...\Steam App 204060) (Version:  - )
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - )
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
Titanfall™-Beta (HKLM-x32\...\{E933BD1A-9B05-42A3-A1CF-3DA81C72E454}) (Version: 1.0.0.0 - Electronic Arts)
Trials Evolution Gold Edition (HKLM-x32\...\Steam App 220160) (Version:  - RedLynx and Ubisoft Shanghai)
TweetDeck (HKLM-x32\...\{FA6381E9-96D2-4F6F-866C-4D16E5986FF6}) (Version: 2.7.1 - Twitter, Inc.)
Unity (HKLM-x32\...\Unity) (Version:  - Unity Technologies ApS)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Videostream Port Fix (HKLM-x32\...\{A36C0DAA-86C7-4D14-AEC0-86416A69ABDE}) (Version: 1.0.0 - Videostream, Inc.)
Visual F# 3.1 SDK (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual F# 3.1 VS (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2013 Prerequisites - ENU Language Pack (Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual Studio 2013 Prerequisites (Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual Studio Extensions for Windows Library for JavaScript (x32 Version: 1.0.9600.16408 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vs2012 Verification SDK (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
VTFEdit 1.2.5 (HKLM-x32\...\VTFEdit_is1) (Version:  - Neil Jedrzejewski & Ryan Gregg)
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows 8 Development Essentials (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Windows App Certification Kit Native Components (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows App Certification Kit x64 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Azure Mobile Services SDK (x32 Version: 1.0.10815.0 - Microsoft Corporation) Hidden
Windows Azure Mobile Services Tools for Visual Studio 2013 Preview - v1.0 (x32 Version: 1.0.60906.1602 - Microsoft Corporation) Hidden
Windows Azure Shared Components for Microsoft Visual Studio 2013 - v1.0 (x32 Version: 1.0.10829.1601 - Microsoft Corporation) Hidden
Windows Azure Tools for LightSwitch for Visual Studio 2013 - v2.1 (x32 Version: 2.1.10909.1601 - Microsoft) Hidden
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
Windows Phone 8.0 Emulation Host (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Windows Phone 8.0 Emulation Images (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Windows Phone 8.0 Managed SDK Profiler (ARM) (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Windows Phone 8.0 Managed SDK Profiler (X86) (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Windows Phone Emulator 8.0 Configurator (x32 Version: 11.0.60830 - Microsoft Corporation) Hidden
Windows Phone SDK 8.0 Assemblies (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Windows Phone Tools Finalizer (Version: 11.0.60610 - Microsoft Corporation) Hidden
Windows Runtime Intellisense Content - en-us (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows XP Targeting with C++ (Version: 11.0.51106 - Microsoft Corporation) Hidden
Windows XP Targeting with C++ (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Workflow Manager Client 1.0 (Version: 2.0.30813.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.30725.1 - Microsoft Corporation) Hidden
World of Goo (HKLM-x32\...\Steam App 22000) (Version:  - 2D BOY)
XSplit Broadcaster (HKLM-x32\...\{6459F338-FE52-4034-BCA7-74772DA0F24D}) (Version: 1.3.1403.1202 - SplitMediaLabs)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2458243595-2776839282-2538676139-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\jeffg_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2458243595-2776839282-2538676139-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\jeffg_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2458243595-2776839282-2538676139-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\jeffg_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2458243595-2776839282-2538676139-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jeffg_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2458243595-2776839282-2538676139-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jeffg_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2458243595-2776839282-2538676139-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jeffg_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2458243595-2776839282-2538676139-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jeffg_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2458243595-2776839282-2538676139-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jeffg_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2458243595-2776839282-2538676139-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jeffg_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2458243595-2776839282-2538676139-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jeffg_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2458243595-2776839282-2538676139-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jeffg_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
27-10-2014 17:30:24 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-02-06 14:47 - 2013-02-06 14:47 - 00000952 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1  localhost
127.0.0.1 activate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2BBEFB51-9BF4-461E-8C5B-BA0A9CDF9F42} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-24] (Google Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2D123557-F532-4369-B30B-BDD670554BAE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {407495C1-63DA-4158-885F-40F9F6885916} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-15] (AVAST Software)
Task: {43221F38-17B0-412F-8C44-E2D0B5D6F82B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2458243595-2776839282-2538676139-1001Core => C:\Users\jeffg_000\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5531CC6B-3B21-4251-BD7A-7812D0289C3B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {563238DF-885C-4EF3-9130-A895753662E8} - \AutoKMS No Task File <==== ATTENTION
Task: {5E16E639-9113-4494-9B86-071C82DC21BE} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {68DC21CC-FADD-4AAA-86E2-3CF387F352F7} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {8458DD51-5B5D-4E98-99B0-CBF9E251C12B} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-jeffgordonsnumberonefan@yahoo.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-12-15] (Adobe Systems Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9255DFE9-85A2-45D0-BE52-4BA9493DD7BF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {9386A453-894E-4A7E-9353-78A3C2AE4987} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-24] (Google Inc.)
Task: {93ACA121-7071-4AF8-88EA-462F46564097} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A5FF07E6-A30B-4052-87DB-18B36394DB2B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2458243595-2776839282-2538676139-1001UA => C:\Users\jeffg_000\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)
Task: {B52844D7-9E16-4EFD-B75B-82FEC68E2C0E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D44A1B8D-B05A-465F-9E8B-037A7C73837E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {D70E65E2-DA73-48A8-9CBA-5060DBCAD8CC} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EA87652A-C8DC-4DA3-9BCF-44D35BE79ECD} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {F17A656B-5A9E-4C5C-A047-62EC9B6814ED} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-04] (ASUS)
Task: {F8B3755D-24B1-491B-BBBD-D7E5A3D21365} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {FAF03AFB-F1F6-4B9F-9346-16FDEBB32C55} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2458243595-2776839282-2538676139-1001Core.job => C:\Users\jeffg_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2458243595-2776839282-2538676139-1001UA.job => C:\Users\jeffg_000\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-20 17:41 - 2014-05-29 02:42 - 00075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-02-20 17:41 - 2014-05-29 02:42 - 00189248 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2012-10-01 20:34 - 2012-10-01 20:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-04 12:34 - 2012-08-04 12:34 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-10-01 14:02 - 2013-10-01 14:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-15 22:24 - 2014-10-15 22:24 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-25 08:48 - 2014-10-25 08:48 - 02897920 _____ () C:\Program Files\AVAST Software\Avast\defs\14102500\algo.dll
2014-10-27 12:08 - 2014-10-27 12:08 - 02898432 _____ () C:\Program Files\AVAST Software\Avast\defs\14102700\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-01 20:01 - 2013-01-01 20:01 - 00228264 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbPc.DLL
2012-10-04 14:53 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-06-07 16:12 - 2012-06-07 16:12 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-20 19:05 - 2013-11-20 19:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 19:56 - 2014-06-17 19:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 18:06 - 2010-11-22 18:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-10-15 22:24 - 2014-10-15 22:24 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-27 14:31 - 2014-10-27 14:31 - 00043008 _____ () c:\Users\jeffg_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkzqg8c.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\jeffg_000\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-52.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
2014-10-16 21:12 - 2014-10-09 21:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-16 21:12 - 2014-10-09 21:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-16 21:13 - 2014-10-09 21:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-16 21:12 - 2014-10-09 21:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2014-10-16 21:13 - 2014-10-09 21:04 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\jeffg_000\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "WinampAgent"
HKLM\...\StartupApproved\Run32: => "RazerGameBooster"
HKCU\...\StartupApproved\Run: => "iFunBoxConnector"
HKCU\...\StartupApproved\Run: => "Steam"
HKCU\...\StartupApproved\Run: => "EADM"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2458243595-2776839282-2538676139-500 - Administrator - Disabled)
Guest (S-1-5-21-2458243595-2776839282-2538676139-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2458243595-2776839282-2538676139-1003 - Limited - Enabled)
jeffg_000 (S-1-5-21-2458243595-2776839282-2538676139-1001 - Administrator - Enabled) => C:\Users\jeffg_000
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/24/2014 09:07:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.16431 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 8c8
 
Start Time: 01cfeff7a5537e59
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\syswow64\wwahost.exe
 
Report Id: 992b569f-5beb-11e4-becf-50465de44116
 
Faulting package full name: Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c
 
Faulting package-relative application ID: App
 
Error: (10/24/2014 08:54:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.16431 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1178
 
Start Time: 01cfeff5e834e609
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\syswow64\wwahost.exe
 
Report Id: dabeb519-5be9-11e4-becf-50465de44116
 
Faulting package full name: Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c
 
Faulting package-relative application ID: App
 
Error: (10/24/2014 07:51:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.16431 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1030
 
Start Time: 01cfefed1661bbea
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\syswow64\wwahost.exe
 
Report Id: 09e220bb-5be1-11e4-bece-50465de44116
 
Faulting package full name: Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c
 
Faulting package-relative application ID: App
 
Error: (10/24/2014 07:43:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.16431 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d50
 
Start Time: 01cfefec0255d881
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\syswow64\wwahost.exe
 
Report Id: f825609f-5bdf-11e4-bece-50465de44116
 
Faulting package full name: Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c
 
Faulting package-relative application ID: App
 
Error: (10/24/2014 07:41:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.9600.16384, time stamp: 0x5215d4c4
Faulting module name: MSSRCH.DLL, version: 7.0.9600.16384, time stamp: 0x5215d425
Exception code: 0xc0000005
Fault offset: 0x0000000000006dbe
Faulting process id: 0xc38
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3
Faulting package full name: SearchIndexer.exe4
Faulting package-relative application ID: SearchIndexer.exe5
 
Error: (10/24/2014 07:33:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16518, time stamp: 0x52157bbc
Faulting module name: ntdll.dll, version: 6.3.9600.16502, time stamp: 0x52c35a76
Exception code: 0xc0000374
Fault offset: 0x000e2fd8
Faulting process id: 0x19fc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/24/2014 07:33:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16518, time stamp: 0x52157bbc
Faulting module name: ntdll.dll, version: 6.3.9600.16502, time stamp: 0x52c35a76
Exception code: 0xc0000374
Fault offset: 0x000e2fd8
Faulting process id: 0x160c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/24/2014 07:31:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16518, time stamp: 0x52157bbc
Faulting module name: ntdll.dll, version: 6.3.9600.16502, time stamp: 0x52c35a76
Exception code: 0xc0000374
Fault offset: 0x000e2fd8
Faulting process id: 0x268c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/24/2014 07:31:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16518, time stamp: 0x52157bbc
Faulting module name: MSHTML.dll, version: 11.0.9600.16521, time stamp: 0x5311622b
Exception code: 0xc00000fd
Fault offset: 0x000d7eb4
Faulting process id: 0x3584
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/24/2014 07:29:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16518, time stamp: 0x52157bbc
Faulting module name: ntdll.dll, version: 6.3.9600.16502, time stamp: 0x52c35a76
Exception code: 0xc0000374
Fault offset: 0x000e2fd8
Faulting process id: 0x1e94
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
 
System errors:
=============
Error: (10/27/2014 02:34:51 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys
 
Error: (10/27/2014 00:25:10 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (10/27/2014 00:06:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:46:54 PM on 10/25/2014 was unexpected.
 
Error: (10/25/2014 10:00:01 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (10/24/2014 08:37:21 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (10/24/2014 07:42:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/24/2014 06:58:27 PM) (Source: DCOM) (EventID: 10010) (User: ISPARTAN24)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/24/2014 06:57:51 PM) (Source: DCOM) (EventID: 10010) (User: ISPARTAN24)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/24/2014 06:54:15 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys
 
Error: (10/24/2014 06:41:58 PM) (Source: DCOM) (EventID: 10010) (User: ISPARTAN24)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
 
Microsoft Office Sessions:
=========================
Error: (10/24/2014 09:07:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.164318c801cfeff7a5537e594294967295C:\WINDOWS\syswow64\wwahost.exe992b569f-5beb-11e4-becf-50465de44116Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5cApp
 
Error: (10/24/2014 08:54:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.16431117801cfeff5e834e6094294967295C:\WINDOWS\syswow64\wwahost.exedabeb519-5be9-11e4-becf-50465de44116Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5cApp
 
Error: (10/24/2014 07:51:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.16431103001cfefed1661bbea4294967295C:\WINDOWS\syswow64\wwahost.exe09e220bb-5be1-11e4-bece-50465de44116Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5cApp
 
Error: (10/24/2014 07:43:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.16431d5001cfefec0255d8814294967295C:\WINDOWS\syswow64\wwahost.exef825609f-5bdf-11e4-bece-50465de44116Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5cApp
 
Error: (10/24/2014 07:41:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchIndexer.exe7.0.9600.163845215d4c4MSSRCH.DLL7.0.9600.163845215d425c00000050000000000006dbec3801cfefebfe4b5713C:\WINDOWS\system32\SearchIndexer.exeC:\WINDOWS\system32\MSSRCH.DLLaa3db114-5bdf-11e4-bece-50465de44116
 
Error: (10/24/2014 07:33:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1651852157bbcntdll.dll6.3.9600.1650252c35a76c0000374000e2fd819fc01cfefeb4ed51a0cC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\SYSTEM32\ntdll.dll8d157981-5bde-11e4-becd-50465de44116
 
Error: (10/24/2014 07:33:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1651852157bbcntdll.dll6.3.9600.1650252c35a76c0000374000e2fd8160c01cfefeb42714844C:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\SYSTEM32\ntdll.dll89f7af1f-5bde-11e4-becd-50465de44116
 
Error: (10/24/2014 07:31:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1651852157bbcntdll.dll6.3.9600.1650252c35a76c0000374000e2fd8268c01cfefeb11e0c4e3C:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\SYSTEM32\ntdll.dll53d8a583-5bde-11e4-becd-50465de44116
 
Error: (10/24/2014 07:31:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1651852157bbcMSHTML.dll11.0.9600.165215311622bc00000fd000d7eb4358401cfefeacf010ed7C:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\SYSTEM32\MSHTML.dll353f8699-5bde-11e4-becd-50465de44116
 
Error: (10/24/2014 07:29:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1651852157bbcntdll.dll6.3.9600.1650252c35a76c0000374000e2fd81e9401cfefe9d816ddbcC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\SYSTEM32\ntdll.dllf4f5d990-5bdd-11e4-becd-50465de44116
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-15 22:32:47.135
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-15 22:32:45.732
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-15 22:32:28.680
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-15 22:32:27.412
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-15 22:32:13.704
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-15 22:32:10.902
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-15 20:22:11.250
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-15 20:22:03.222
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-15 20:21:22.069
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-15 20:20:25.511
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 45%
Total physical RAM: 8077.54 MB
Available physical RAM: 4367.37 MB
Total Pagefile: 10765.54 MB
Available Pagefile: 7607.08 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:341.9 GB) (Free:9.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:335.39 GB) (Free:39.76 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 4F359092)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
Attached is the Summary zip

 




#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,422 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:34 AM

Posted 28 October 2014 - 08:57 AM

It is my pleasure to work with you on this.

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Cracking Software Warning

There is evidence of pirated software on your computer and I would request you remove it prior to completing the steps I have posted.

--------------------
 

Post by quietman7, on 02 October 2009 - 05:16 AM, said:


A Keygen is a program which is used to illegally bypass copy protection on games and commercial software by generating a random serial number, or "cd key", that matches the software it is intended to be used with.

A Cracking tool is used to copy commercial software illegally by breaking the various copy-protection and registration techniques being used.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Quote
Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

Quote
...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

Quote
...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

Some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.


===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
InternetURL: C:\Users\jeffg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INSTALL_TOR.URL -> https://paytordmbdekmizq.tor4pay.com/wY1wNo
SearchScopes: HKCU - {6459D9BA-0711-4CDD-931B-7CF174E93544} URL = http://searchou.com/?q={searchTerms}&id=6a77aaa100000000000012689d9f650a&r=140
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
2014-10-15 22:32 - 2014-10-15 22:32 - 00008518 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.HTML
2014-10-15 22:32 - 2014-10-15 22:32 - 00008518 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-10-15 22:32 - 2014-10-15 22:32 - 00004200 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-15 22:32 - 2014-10-15 22:32 - 00004200 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-10-15 22:32 - 2014-10-15 22:32 - 00000274 _____ () C:\Users\Public\INSTALL_TOR.URL
2014-10-15 22:32 - 2014-10-15 22:32 - 00000274 _____ () C:\Users\Public\Documents\INSTALL_TOR.URL
2014-10-15 22:31 - 2014-10-15 22:31 - 00008518 _____ () C:\Users\jeffg_000\DECRYPT_INSTRUCTION.HTML
2014-10-15 22:31 - 2014-10-15 22:31 - 00004200 _____ () C:\Users\jeffg_000\DECRYPT_INSTRUCTION.TXT
2014-10-15 22:31 - 2014-10-15 22:31 - 00000274 _____ () C:\Users\jeffg_000\INSTALL_TOR.URL
2014-10-15 17:11 - 2014-10-15 17:11 - 00008516 _____ () C:\Users\jeffg_000\Downloads\DECRYPT_INSTRUCTION.HTML
2014-10-15 17:11 - 2014-10-15 17:11 - 00004198 _____ () C:\Users\jeffg_000\Downloads\DECRYPT_INSTRUCTION.TXT
2014-10-15 17:11 - 2014-10-15 17:11 - 00000272 _____ () C:\Users\jeffg_000\Downloads\INSTALL_TOR.URL
2014-10-15 17:06 - 2014-10-15 17:06 - 00008516 _____ () C:\Users\jeffg_000\Documents\DECRYPT_INSTRUCTION.HTML
2014-10-15 17:06 - 2014-10-15 17:06 - 00004198 _____ () C:\Users\jeffg_000\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-15 17:06 - 2014-10-15 17:06 - 00000272 _____ () C:\Users\jeffg_000\Documents\INSTALL_TOR.URL
2014-10-15 16:10 - 2014-10-15 16:10 - 00008516 _____ () C:\Users\jeffg_000\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-10-15 16:10 - 2014-10-15 16:10 - 00008516 _____ () C:\Users\jeffg_000\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-15 16:10 - 2014-10-15 16:10 - 00004198 _____ () C:\Users\jeffg_000\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-15 16:10 - 2014-10-15 16:10 - 00004198 _____ () C:\Users\jeffg_000\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-15 16:10 - 2014-10-15 16:10 - 00000272 _____ () C:\Users\jeffg_000\AppData\Roaming\INSTALL_TOR.URL
2014-10-15 16:10 - 2014-10-15 16:10 - 00000272 _____ () C:\Users\jeffg_000\AppData\INSTALL_TOR.URL
2014-10-15 16:08 - 2014-10-15 16:08 - 00008516 _____ () C:\Users\jeffg_000\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-15 16:08 - 2014-10-15 16:08 - 00004198 _____ () C:\Users\jeffg_000\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-15 16:08 - 2014-10-15 16:08 - 00000272 _____ () C:\Users\jeffg_000\AppData\Local\INSTALL_TOR.URL
2014-10-15 16:06 - 2014-10-15 16:06 - 00008516 _____ () C:\Users\jeffg_000\AppData\Local\Apps\DECRYPT_INSTRUCTION.HTML
2014-10-15 16:06 - 2014-10-15 16:06 - 00004198 _____ () C:\Users\jeffg_000\AppData\Local\Apps\DECRYPT_INSTRUCTION.TXT
2014-10-15 16:06 - 2014-10-15 16:06 - 00000272 _____ () C:\Users\jeffg_000\AppData\Local\Apps\INSTALL_TOR.URL
C:\Users\jeffg_000\AppData\Local\Temp\dllnt_dump.dll
C:\Users\jeffg_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkzqg8c.dll
C:\Users\jeffg_000\AppData\Local\Temp\obupdat.exe
C:\Users\jeffg_000\AppData\Local\Temp\Quarantine.exe
C:\Users\jeffg_000\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-2458243595-2776839282-2538676139-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\jeffg_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2458243595-2776839282-2538676139-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\jeffg_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
C:\WINDOWS\system32\Drivers\etc\hosts
Task: {563238DF-885C-4EF3-9130-A895753662E8} - \AutoKMS No Task File <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Junkware log
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#7 iSpartan24

iSpartan24
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 AM

Posted 28 October 2014 - 07:38 PM

Thank you for helping me through this! Learning a lot about malware here which is great. 

Junklog::
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 8.1 x64
Ran by jeffg_000 on Tue 10/28/2014 at 17:26:34.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6459D9BA-0711-4CDD-931B-7CF174E93544}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\WINDOWS\prefetch\SPEEDFAN.EXE-F8589D6F.pf
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/28/2014 at 17:33:40.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
fixlog::
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014 01
Ran by jeffg_000 at 2014-10-28 19:33:22 Run:1
Running from C:\Users\jeffg_000\Desktop
Loaded Profile: jeffg_000 (Available profiles: jeffg_000)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
InternetURL: C:\Users\jeffg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INSTALL_TOR.URL -> https://paytordmbdekmizq.tor4pay.com/wY1wNo
SearchScopes: HKCU - {6459D9BA-0711-4CDD-931B-7CF174E93544} URL = http://searchou.com/?q={searchTerms}&id=6a77aaa100000000000012689d9f650a&r=140
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
2014-10-15 22:32 - 2014-10-15 22:32 - 00008518 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.HTML
2014-10-15 22:32 - 2014-10-15 22:32 - 00008518 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-10-15 22:32 - 2014-10-15 22:32 - 00004200 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-15 22:32 - 2014-10-15 22:32 - 00004200 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-10-15 22:32 - 2014-10-15 22:32 - 00000274 _____ () C:\Users\Public\INSTALL_TOR.URL
2014-10-15 22:32 - 2014-10-15 22:32 - 00000274 _____ () C:\Users\Public\Documents\INSTALL_TOR.URL
2014-10-15 22:31 - 2014-10-15 22:31 - 00008518 _____ () C:\Users\jeffg_000\DECRYPT_INSTRUCTION.HTML
2014-10-15 22:31 - 2014-10-15 22:31 - 00004200 _____ () C:\Users\jeffg_000\DECRYPT_INSTRUCTION.TXT
2014-10-15 22:31 - 2014-10-15 22:31 - 00000274 _____ () C:\Users\jeffg_000\INSTALL_TOR.URL
2014-10-15 17:11 - 2014-10-15 17:11 - 00008516 _____ () C:\Users\jeffg_000\Downloads\DECRYPT_INSTRUCTION.HTML
2014-10-15 17:11 - 2014-10-15 17:11 - 00004198 _____ () C:\Users\jeffg_000\Downloads\DECRYPT_INSTRUCTION.TXT
2014-10-15 17:11 - 2014-10-15 17:11 - 00000272 _____ () C:\Users\jeffg_000\Downloads\INSTALL_TOR.URL
2014-10-15 17:06 - 2014-10-15 17:06 - 00008516 _____ () C:\Users\jeffg_000\Documents\DECRYPT_INSTRUCTION.HTML
2014-10-15 17:06 - 2014-10-15 17:06 - 00004198 _____ () C:\Users\jeffg_000\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-15 17:06 - 2014-10-15 17:06 - 00000272 _____ () C:\Users\jeffg_000\Documents\INSTALL_TOR.URL
2014-10-15 16:10 - 2014-10-15 16:10 - 00008516 _____ () C:\Users\jeffg_000\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-10-15 16:10 - 2014-10-15 16:10 - 00008516 _____ () C:\Users\jeffg_000\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-15 16:10 - 2014-10-15 16:10 - 00004198 _____ () C:\Users\jeffg_000\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-15 16:10 - 2014-10-15 16:10 - 00004198 _____ () C:\Users\jeffg_000\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-15 16:10 - 2014-10-15 16:10 - 00000272 _____ () C:\Users\jeffg_000\AppData\Roaming\INSTALL_TOR.URL
2014-10-15 16:10 - 2014-10-15 16:10 - 00000272 _____ () C:\Users\jeffg_000\AppData\INSTALL_TOR.URL
2014-10-15 16:08 - 2014-10-15 16:08 - 00008516 _____ () C:\Users\jeffg_000\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-15 16:08 - 2014-10-15 16:08 - 00004198 _____ () C:\Users\jeffg_000\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-15 16:08 - 2014-10-15 16:08 - 00000272 _____ () C:\Users\jeffg_000\AppData\Local\INSTALL_TOR.URL
2014-10-15 16:06 - 2014-10-15 16:06 - 00008516 _____ () C:\Users\jeffg_000\AppData\Local\Apps\DECRYPT_INSTRUCTION.HTML
2014-10-15 16:06 - 2014-10-15 16:06 - 00004198 _____ () C:\Users\jeffg_000\AppData\Local\Apps\DECRYPT_INSTRUCTION.TXT
2014-10-15 16:06 - 2014-10-15 16:06 - 00000272 _____ () C:\Users\jeffg_000\AppData\Local\Apps\INSTALL_TOR.URL
C:\Users\jeffg_000\AppData\Local\Temp\dllnt_dump.dll
C:\Users\jeffg_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkzqg8c.dll
C:\Users\jeffg_000\AppData\Local\Temp\obupdat.exe
C:\Users\jeffg_000\AppData\Local\Temp\Quarantine.exe
C:\Users\jeffg_000\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-2458243595-2776839282-2538676139-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\jeffg_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2458243595-2776839282-2538676139-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\jeffg_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
C:\WINDOWS\system32\Drivers\etc\hosts
Task: {563238DF-885C-4EF3-9130-A895753662E8} - \AutoKMS No Task File <==== ATTENTION
*****************
 
"HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.
"HKU\S-1-5-21-2458243595-2776839282-2538676139-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
C:\Users\jeffg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INSTALL_TOR.URL => Moved successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6459D9BA-0711-4CDD-931B-7CF174E93544}" => Key not found.
"HKCR\CLSID\{6459D9BA-0711-4CDD-931B-7CF174E93544}" => Key not found.
"HKCR\PROTOCOLS\Handler\belarc" => Key deleted successfully.
"HKCR\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F}" => Key not found.
cpuz136 => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
C:\Users\Public\Documents\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\INSTALL_TOR.URL => Moved successfully.
C:\Users\Public\Documents\INSTALL_TOR.URL => Moved successfully.
C:\Users\jeffg_000\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\jeffg_000\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\jeffg_000\INSTALL_TOR.URL => Moved successfully.
C:\Users\jeffg_000\Downloads\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\jeffg_000\Downloads\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\jeffg_000\Downloads\INSTALL_TOR.URL => Moved successfully.
C:\Users\jeffg_000\Documents\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\jeffg_000\Documents\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\jeffg_000\Documents\INSTALL_TOR.URL => Moved successfully.
C:\Users\jeffg_000\AppData\Roaming\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\jeffg_000\AppData\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\jeffg_000\AppData\Roaming\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\jeffg_000\AppData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\jeffg_000\AppData\Roaming\INSTALL_TOR.URL => Moved successfully.
C:\Users\jeffg_000\AppData\INSTALL_TOR.URL => Moved successfully.
C:\Users\jeffg_000\AppData\Local\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\jeffg_000\AppData\Local\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\jeffg_000\AppData\Local\INSTALL_TOR.URL => Moved successfully.
C:\Users\jeffg_000\AppData\Local\Apps\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\jeffg_000\AppData\Local\Apps\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\jeffg_000\AppData\Local\Apps\INSTALL_TOR.URL => Moved successfully.
C:\Users\jeffg_000\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\jeffg_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkzqg8c.dll => Moved successfully.
C:\Users\jeffg_000\AppData\Local\Temp\obupdat.exe => Moved successfully.
C:\Users\jeffg_000\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\jeffg_000\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-2458243595-2776839282-2538676139-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-2458243595-2776839282-2538676139-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
C:\WINDOWS\system32\Drivers\etc\hosts => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{563238DF-885C-4EF3-9130-A895753662E8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{563238DF-885C-4EF3-9130-A895753662E8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
 
==== End of Fixlog ====
 
Computer seems to be almost 100%! 3% CPU usage and 28% memory usage with just Chrome open. I think I might be fully cleaned at this point unless you have any further advice in removal.
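
Added example, not part of the thread and not FRST's own code: the fixlist in post #6 lists each ransom note with its creation time, and the Fixlog in post #7 reports one outcome per entry. The Python below reads lines in that format and orders the note-bearing folders by first note time, then flags any listed note with no "Moved successfully" result; the sample lines, the user name alice and the registry key are constructed.

```python
import ntpath
import re
from datetime import datetime

# Ransom-note file names as they appear in the thread's fixlist.
NOTE_NAMES = {"DECRYPT_INSTRUCTION.HTML", "DECRYPT_INSTRUCTION.TXT", "INSTALL_TOR.URL"}

# FRST file listing line: "created - modified - size attrs (company) path"
LISTING_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) \S+ \(.*?\) (.+)$"
)
# Fixlog result line: 'target => Outcome.' (registry targets are quoted)
RESULT_RE = re.compile(r'^"?(.+?)"? => (.+?)\.?$')

# Constructed sample input in the same format as the logs in this thread.
SAMPLE_LISTING = r"""
2014-10-15 16:06 - 2014-10-15 16:06 - 00008516 _____ () C:\Users\alice\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-15 16:06 - 2014-10-15 16:06 - 00000272 _____ () C:\Users\alice\AppData\Local\INSTALL_TOR.URL
2014-10-15 17:06 - 2014-10-15 17:06 - 00004198 _____ () C:\Users\alice\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-15 22:32 - 2014-10-15 22:32 - 00004200 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-10-15 17:06 - 2014-10-15 17:06 - 00120000 _____ () C:\Users\alice\Documents\report.docx
"""

SAMPLE_RESULTS = r"""
C:\Users\alice\AppData\Local\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\alice\AppData\Local\INSTALL_TOR.URL => Moved successfully.
C:\Users\alice\Documents\DECRYPT_INSTRUCTION.TXT => Moved successfully.
"HKCR\PROTOCOLS\Handler\example" => Key not found.
"""


def parse_listing(text):
    """Return one dict per file listing line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            entries.append({
                "created": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"),
                "size": int(m.group(3)),
                "path": m.group(4),
            })
    return entries


def is_note(path):
    """True when the file name is one of the ransom-note names."""
    return ntpath.basename(path).upper() in NOTE_NAMES


def note_timeline(entries):
    """Earliest note creation time per folder, oldest folder first.

    The order approximates the order in which folders were processed,
    which helps decide which backups predate the encryption.
    """
    first = {}
    for e in entries:
        if is_note(e["path"]):
            folder = ntpath.dirname(e["path"])
            if folder not in first or e["created"] < first[folder]:
                first[folder] = e["created"]
    return sorted(first.items(), key=lambda kv: kv[1])


def parse_results(text):
    """Map each Fixlog target (lower-cased) to its outcome text."""
    results = {}
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results[m.group(1).lower()] = m.group(2)
    return results


def unremediated_notes(entries, results):
    """Listed notes that the Fixlog does not report as moved."""
    return [
        e["path"] for e in entries
        if is_note(e["path"])
        and results.get(e["path"].lower()) != "Moved successfully"
    ]


if __name__ == "__main__":
    listing = parse_listing(SAMPLE_LISTING)
    for folder, when in note_timeline(listing):
        print(when.isoformat(sep=" "), folder)
    for path in unremediated_notes(listing, parse_results(SAMPLE_RESULTS)):
        print("no 'Moved successfully' result for:", path)
```
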

 



#8 Oh My!


Posted 28 October 2014 - 07:54 PM

That is good to hear. We do have some other things to do to make sure you are clean. Please do these things for me.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message, attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log

Gary
 

#9 iSpartan24


Posted 29 October 2014 - 01:35 PM

The ESET scanner has been running for 17 hours and got stuck on a Civilization 5 file? Stuck at 93%. I left it overnight and it's still stuck on that same file. Should I stop the program, remove what it's found so far, and run the scan again?



#10 Oh My!


Posted 29 October 2014 - 02:13 PM

Yes give that a try, thanks.
Gary
 

#11 Oh My!


Posted 01 November 2014 - 10:59 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#12 iSpartan24


Posted 02 November 2014 - 11:24 AM

Sorry, got caught up in the holiday. I've run ESET 4 times, each time getting stuck at 93% on a Sid Meier Civ V game file. I uninstalled Civ V but there's still a directory that it's getting stuck on for some reason.



#13 Oh My!


Posted 02 November 2014 - 04:42 PM

Let's use this program instead.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste the contents of the report in your reply
  • Close the program then click Close
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Emsisoft results

Gary
 

#14 iSpartan24


Posted 04 November 2014 - 12:03 AM

Emsisoft Emergency Kit - Version 9.0
Last update: 11/3/2014 5:25:55 PM
User account: ISPARTAN24\jeffg_000
 
Scan settings:
 
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 11/3/2014 5:36:09 PM
 
Scanned 904414
Found 0
 
Scan end: 11/3/2014 11:01:36 PM
Scan time: 5:25:27


#15 Oh My!


Posted 04 November 2014 - 08:51 AM

That looks great. I think we got sidetracked a bit and overlooked the Security Check Scan from Post #8. Please run that and we will take a look at what it tells us.


Gary
 



