
dllhost.exe *32 replicating and killing memory -powershell errors


  • This topic is locked
107 replies to this topic

#1 candigram


Posted 19 October 2014 - 12:10 AM

I am running Windows 7 - I have tried multiple things to clear this and find that I have been infected by the Poweliks virus - I ran RogueKiller and it was id'd -- I am also getting 'powershell has stopped working' pop-ups.




 


#2 candigram


Posted 19 October 2014 - 10:36 AM

Sorry -- the 'puter crashed before I could get DDS info on. BTW, the DDS info took much longer than 3 min.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.67.2
Run by Marvin at 10:17:13 on 2014-10-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5617.1906 [GMT -5:00]
.
AV: AVG Internet Security 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2015 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\IDT\WDM\beats64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\ATT-SST\pcTrayApp.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\ctfmon.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\StikyNot.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\taskmgr.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.my.yahoo.com/
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
mRun: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
Trusted Zone: $talisma_url$
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Diamond%20Detective/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Diamond%20Detective/Images/armhelper.ocx
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{215663CA-A901-4FE5-BD29-5200FCE0BDC8} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C5919B8B-A5CD-4B45-99F6-FB6695411A85} : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-RunOnce: [PCDrProfiler] "C:\Program Files\PC-Doctor for Windows\RunProfiler.exe" -r
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\r5irfcgj.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Marvin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-8-26 78976]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-8-26 38528]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-18 190744]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-9-30 261400]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-8-26 87168]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-8-26 188544]
.
=============== Created Last 30 ================
.
2014-10-19 03:51:16 34808 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-10-19 03:51:11 -------- d-----w- C:\ProgramData\RogueKiller
2014-10-18 22:20:59 -------- d-----w- C:\FRST
2014-10-18 11:58:25 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-18 11:56:33 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-18 11:56:32 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-18 11:56:32 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-18 11:56:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-15 20:13:27 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-15 20:13:24 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-10-15 20:13:24 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-10-15 20:13:24 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-15 20:13:24 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-10-15 20:13:24 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-15 20:13:24 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-10-15 20:11:59 483840 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-10-15 20:10:59 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-10-15 13:57:25 -------- d-----w- C:\Program Files (x86)\Criminal Investigation Agents - Petrodollars
2014-10-13 14:19:50 -------- d-----w- C:\Program Files (x86)\Shrouded Tales - The Spellbound Land
2014-10-11 13:42:23 -------- d-----w- C:\Users\Marvin\AppData\Roaming\IteraLabs
2014-10-05 15:14:28 -------- d-----w- C:\Program Files (x86)\Whispered Secrets - Into the Wind Collectors Edition
2014-10-05 14:01:57 -------- d-----w- C:\Program Files (x86)\Labyrinths of the World - Shattered Soul
2014-10-01 01:55:12 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-10-01 01:55:12 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-30 22:35:40 261400 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-09-27 15:03:09 -------- d-----w- C:\Program Files (x86)\Mystic Saga
2014-09-24 20:41:09 -------- d-----w- C:\Users\Marvin\AppData\Roaming\InfernalBros
2014-09-24 20:18:42 -------- d-----w- C:\ProgramData\Arizona-Rose-2
2014-09-24 17:50:20 -------- d-----w- C:\Users\Marvin\AppData\Local\Match 3. Story of Gimli
2014-09-24 02:10:20 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-24 02:10:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-23 02:59:37 -------- d-----w- C:\Program Files (x86)\Agency 33
.
==================== Find3M  ====================
.
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-24 01:58:33 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 01:58:33 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-13 12:38:06 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2014-09-13 12:38:06 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2014-09-13 12:38:06 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2014-09-13 12:38:05 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-08 02:42:12 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-29 02:47:24 243480 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-07-25 17:55:09 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 07:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 04:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
.
============= FINISH: 10:27:11.16 ===============



#3 candigram


Posted 19 October 2014 - 10:46 AM

Attached File  Attach.txt   13.01KB   18 downloads

Edited by candigram, 19 October 2014 - 10:47 AM.


#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor

Posted 19 October 2014 - 02:13 PM

I ran RogueKiller and it was id'd

Log is missing.

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#5 Machiavelli


Posted 24 October 2014 - 12:44 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

 
 


#6 Machiavelli


Posted 25 October 2014 - 05:41 AM

User returned.

~Machiavelli

 
 


#7 candigram


Posted 25 October 2014 - 08:21 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2014
Ran by Marvin (administrator) on MARVIN-HP on 24-10-2014 19:41:26
Running from C:\Users\Marvin\Downloads
Loaded Profile: Marvin (Available profiles: Marvin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(iWin Inc.) C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Alcatel-Lucent) C:\Program Files\ATT-SST\pcTrayApp.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Acer Display\eDisplay Management\dthtml.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Farbar) C:\Users\Marvin\Downloads\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-24] (IDT, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\pcTrayApp.exe [2790400 2012-11-15] (Alcatel-Lucent)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [110192 2010-05-13] ()
HKLM-x32\...\Run: [DT ACR] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2012-04-13] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-10-29] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3778576 2014-10-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard)
HKLM\...\RunOnce: [PCDrProfiler] => C:\Program Files\PC-Doctor for Windows\RunProfiler.exe [136176 2009-06-26] (PC-Doctor, Inc.)
HKU\S-1-5-21-2902022946-1923035353-1889978951-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1937600 2014-08-13] (Valve Corporation)
HKU\S-1-5-21-2902022946-1923035353-1889978951-1000\...\Run: [KGShareApp] => C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-02-03] (Eastman Kodak Company)
HKU\S-1-5-21-2902022946-1923035353-1889978951-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0D731642-FF8D-43B5-8E81-54E882BA14BB} URL = 
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKCU - {FDF8245A-6F5E-4065-8396-90430B67DD4C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3057876
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Diamond%20Detective/Images/stg_drm.ocx
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: HKLM-x32 {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: HKLM-x32 {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: HKLM-x32 {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinner.com/games/v43/paint/paint.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Diamond%20Detective/Images/armhelper.ocx
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\r5irfcgj.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marvin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Zombie Keys - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\r5irfcgj.default\Extensions\zombiekeys@bolay.de.xpi [2014-02-19]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "https://mail.google.com/mail/ca/u/0/#inbox", "https://mail.google.com/mail/ca/u/2/#inbox", "https://mail.google.com/mail/ca/u/0/?ui=2&shva=1#inbox", "https://mail.google.com/mail/ca/u/1/#inbox", "https://trello.com/board/re-inclusion-project/50aab3e9a8e79c4a0b0006d5", "https://drive.google.com/a/stripes39.com/?tab=mo#my-drive", "hxxp://www.searchnu.com/406", "hxxp://mysearch.avg.com/?cid={53A09773-AE42-43DC-9B57-21F6D22FD0E3}&mid=266ee72c3c1f47d39dd5693f79c66dcf-72f696d916a902419abe6f265d1422fb0c0e6f5d&lang=en&ds=AVG&pr=fr&d=2013-08-20 19:04:31&v=15.4.0.5&pid=safeguard&sg=0&sap=hp", "hxxp://mysearch.avg.com/?cid={53A09773-AE42-43DC-9B57-21F6D22FD0E3}&mid=266ee72c3c1f47d39dd5693f79c66dcf-72f696d916a902419abe6f265d1422fb0c0e6f5d&lang=en&ds=AVG&pr=fr&d=2013-08-29 21:05:22&v=15.6.1.2&pid=safeguard&sg=0&sap=hp", "hxxp://mysearch.avg.com?cid={53A09773-AE42-43DC-9B57-21F6D22FD0E3}&mid=266ee72c3c1f47d39dd5693f79c66dcf-72f696d916a902419abe6f265d1422fb0c0e6f5d&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 20:29:32&v=18.1.0.443&pid=safeguard&sg=0&sap=hp", "hxxp://mysearch.avg.com?cid={53A09773-AE42-43DC-9B57-21F6D22FD0E3}&mid=266ee72c3c1f47d39dd5693f79c66dcf-72f696d916a902419abe6f265d1422fb0c0e6f5d&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 20:29:32&v=18.1.5.512&pid=safeguard&sg=0&sap=hp", "hxxp://mysearch.avg.com?cid={53A09773-AE42-43DC-9B57-21F6D22FD0E3}&mid=266ee72c3c1f47d39dd5693f79c66dcf-72f696d916a902419abe6f265d1422fb0c0e6f5d&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 20:29:32&v=18.1.7.598&pid=safeguard&sg=0&sap=hp"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bejeweled) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-06-15]
CHR Extension: (Google Docs) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-14]
CHR Extension: (Google Drive) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-14]
CHR Extension: (Mancala) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjlhjhpnhabnfepdfemepiilbjbkecpe [2014-07-12]
CHR Extension: (Thesaurus.com - Synonyms and Antonyms) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabakieebci [2014-07-12]
CHR Extension: (Google Search) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-14]
CHR Extension: (Netflix) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2014-07-12]
CHR Extension: (Google News) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2013-05-17]
CHR Extension: (Pandora) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-02-14]
CHR Extension: (PageRank Checker) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfnmbajmhlicbciamdjolghciajfpanb [2014-07-12]
CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2014-07-12]
CHR Extension: (Fairway Solitaire) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkpbdfapchjogkmfpcmnfjdimgijhdho [2013-02-14]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2013-05-28]
CHR Extension: (Spotify Chrome Extension) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjmlahipheaaghllkabfkpolljilkjb [2013-02-14]
CHR Extension: (Flood-It!) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp [2014-07-12]
CHR Extension: (NPR Infinite Player) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf [2014-07-12]
CHR Extension: (Eye Dropper) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka [2014-07-12]
CHR Extension: (Google Play Music) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-02-14]
CHR Extension: (Night Time In New York City) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek [2013-05-15]
CHR Extension: (LJ Account Juggler) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfnihbghaikdicpdiciecbbdoegcfhc [2014-07-12]
CHR Extension: (The Poppit Show) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgelgappphlblgabnmkmdeifjkgfchbl [2013-05-28]
CHR Extension: (Google Play) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-02-14]
CHR Extension: (BuzzFeed) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnidllihfjkdhhojnkemmfbcjecdodc [2013-05-20]
CHR Extension: (Okay Geek News) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnokhoapmmdekfhnmodkcenihchhigio [2013-05-28]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-07-12]
CHR Extension: (Pursued) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mglmffkipgdhdkolbbkofkfhappinpin [2013-05-28]
CHR Extension: (Quick Note) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2014-07-12]
CHR Extension: (NewsSquares - Stylish Reading in Chrome) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmehbmdeabanfnddlekelahkaclfdhl [2013-05-22]
CHR Extension: (Listube - Free Online On-Demand Music Player) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlelfeaeehmpkbcfjmjcbilahepgcjgk [2013-02-14]
CHR Extension: (PageRank Display) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmhofljhcphkbkjmhaiagmbajikkfnep [2014-07-12]
CHR Extension: (PageRank) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmblkkmdeobfklgefdnoakgkmcekhcg [2014-07-12]
CHR Extension: (AVG Secure Search) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-07-12]
CHR Extension: (ScoopIt) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheicoppbioibofoaojjfhlnmgcgkomj [2013-05-28]
CHR Extension: (Google Wallet) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (My Chrome Theme) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-07-12]
CHR Extension: (__MSG_extBrowserActionName__) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelggcmknbjmhkpgjfhakedcfnkgbdpg [2014-07-12]
CHR Extension: (Gmail) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1564944 2014-10-01] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3526160 2014-10-01] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [323288 2014-10-01] (AVG Technologies CZ, s.r.o.)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138032 2012-04-13] (Portrait Displays, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-11-15] (Alcatel-Lucent) [File not signed]
R2 pcServiceHost; C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [342528 2012-11-15] (Alcatel-Lucent) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
R2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [520360 2013-03-25] (iWin Inc.)
R2 vToolbarUpdater14.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.0\ToolbarUpdater.exe [945480 2012-12-26] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [261400 2014-09-30] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-09-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [37720 2012-12-26] (AVG Technologies)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-11-15] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2012-11-15] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-11-15] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2012-11-15] (Printing Communications Assoc., Inc. (PCAUSA))
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20784 2012-04-13] (Portrait Displays, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-19] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-19 16:24 - 2014-10-19 16:24 - 02112512 _____ (Farbar) C:\Users\Marvin\Desktop\FRST64.exe
2014-10-19 16:23 - 2014-10-19 16:23 - 02112512 _____ (Farbar) C:\Users\Marvin\Downloads\FRST64 (1).exe
2014-10-19 10:39 - 2014-10-19 10:40 - 00000000 ____D () C:\Users\Marvin\Desktop\Crue Cards
2014-10-18 23:50 - 2014-10-18 23:50 - 00003536 ____N () C:\bootsqm.dat
2014-10-18 22:51 - 2014-10-19 00:23 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-18 22:51 - 2014-10-18 22:51 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-18 22:42 - 2014-10-18 22:42 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Marvin\Downloads\procexp.exe
2014-10-18 22:40 - 2014-10-18 22:40 - 01188194 _____ () C:\Users\Marvin\Downloads\ProcessExplorer (1).zip
2014-10-18 19:00 - 2014-10-24 19:26 - 00003344 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2902022946-1923035353-1889978951-1000
2014-10-18 17:25 - 2014-10-18 17:28 - 00072705 _____ () C:\Users\Marvin\Downloads\Addition.txt
2014-10-18 17:21 - 2014-10-24 19:41 - 00028536 _____ () C:\Users\Marvin\Downloads\FRST.txt
2014-10-18 17:20 - 2014-10-24 19:41 - 00000000 ____D () C:\FRST
2014-10-18 17:19 - 2014-10-18 17:20 - 00415232 _____ (Farbar) C:\Users\Marvin\Downloads\FSS.exe
2014-10-18 17:14 - 2014-10-18 17:14 - 02112000 _____ (Farbar) C:\Users\Marvin\Downloads\FRST64.exe
2014-10-18 06:58 - 2014-10-19 16:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-18 06:57 - 2014-10-18 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-18 06:56 - 2014-10-18 18:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-18 06:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-18 06:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-18 06:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-15 15:13 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 15:13 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 15:13 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 15:13 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 15:13 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 15:13 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 15:13 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 15:12 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 15:12 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 15:12 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 15:12 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 15:12 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 15:12 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 15:12 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 15:12 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 15:12 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 15:12 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 15:12 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 15:12 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 15:12 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 15:12 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 15:12 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 15:12 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 15:12 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 15:12 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 15:12 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 15:12 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 15:12 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 15:12 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 15:12 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 15:12 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 15:12 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 15:12 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 15:12 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 15:12 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 15:12 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 15:12 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 15:12 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 15:12 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 15:12 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 15:12 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 15:12 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 15:12 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 15:12 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 15:12 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 15:12 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 15:12 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 15:12 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 15:12 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 15:12 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 15:12 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 15:12 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 15:12 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 15:12 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 15:12 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 15:12 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 15:12 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 15:12 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 15:12 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 15:12 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 15:12 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 15:12 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 15:12 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 15:12 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 15:12 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 15:12 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 15:12 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 15:12 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 15:12 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 15:12 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 15:12 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 15:12 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 15:11 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 15:11 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 15:11 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 15:11 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 15:11 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 15:11 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 15:11 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 15:11 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 15:11 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 15:11 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 15:11 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 15:11 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 15:11 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 15:11 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 15:11 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 15:11 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 15:11 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 15:11 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 15:11 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 15:11 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 15:11 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 15:11 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 15:11 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 15:11 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 15:11 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 15:11 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 15:11 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 15:11 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 15:10 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 15:10 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 15:10 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 15:10 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 15:10 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 15:10 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 15:10 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 15:10 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 15:10 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 15:10 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 15:10 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 15:10 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 15:10 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 15:10 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 15:10 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 15:10 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 15:10 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 15:10 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 15:10 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 15:10 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 08:57 - 2014-10-18 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Criminal Investigation Agents - Petrodollars
2014-10-15 08:57 - 2014-10-18 18:42 - 00000000 ____D () C:\Program Files (x86)\Criminal Investigation Agents - Petrodollars
2014-10-15 08:57 - 2014-10-18 18:22 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Criminal Investigation Agents - Petrodollars
2014-10-15 08:57 - 2014-10-15 08:57 - 00001318 _____ () C:\Users\Public\Desktop\More Great Games.lnk
2014-10-13 11:18 - 2014-10-19 10:38 - 00002564 _____ () C:\Windows\PFRO.log
2014-10-13 09:19 - 2014-10-18 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shrouded Tales - The Spellbound Land
2014-10-13 09:19 - 2014-10-18 18:42 - 00000000 ____D () C:\Program Files (x86)\Shrouded Tales - The Spellbound Land
2014-10-13 09:19 - 2014-10-18 18:22 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shrouded Tales - The Spellbound Land
2014-10-11 08:42 - 2014-10-11 08:42 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\IteraLabs
2014-10-08 15:59 - 2014-10-08 15:59 - 00027647 _____ () C:\Users\Marvin\Downloads\Hiveworks Comics.htm
2014-10-06 15:08 - 2014-10-24 19:25 - 00000784 _____ () C:\Windows\setupact.log
2014-10-05 10:14 - 2014-10-05 10:14 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Whispered Secrets - Into the Wind Collectors Edition
2014-10-05 10:14 - 2014-10-05 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Whispered Secrets - Into the Wind Collectors Edition
2014-10-05 10:14 - 2014-10-05 10:14 - 00000000 ____D () C:\Program Files (x86)\Whispered Secrets - Into the Wind Collectors Edition
2014-10-05 09:01 - 2014-10-05 09:03 - 00000000 ____D () C:\Program Files (x86)\Labyrinths of the World - Shattered Soul
2014-10-05 09:01 - 2014-10-05 09:01 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Labyrinths of the World - Shattered Soul
2014-10-05 09:01 - 2014-10-05 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Labyrinths of the World - Shattered Soul
2014-09-30 20:55 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 20:55 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 17:35 - 2014-09-30 17:35 - 00261400 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-09-27 10:03 - 2014-09-27 10:03 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystic Saga
2014-09-27 10:03 - 2014-09-27 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystic Saga
2014-09-27 10:03 - 2014-09-27 10:03 - 00000000 ____D () C:\Program Files (x86)\Mystic Saga
2014-09-24 19:40 - 2014-09-24 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 15:41 - 2014-09-24 15:41 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\InfernalBros
2014-09-24 15:18 - 2014-09-24 15:18 - 00000000 ____D () C:\ProgramData\Arizona-Rose-2
2014-09-24 12:50 - 2014-09-24 14:45 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Match 3. Story of Gimli
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-24 19:34 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 19:34 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 19:33 - 2011-11-06 23:12 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-24 19:30 - 2011-08-26 15:19 - 01213644 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 19:27 - 2012-02-01 18:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-24 19:26 - 2014-08-18 08:22 - 00003212 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2902022946-1923035353-1889978951-1000
2014-10-24 19:26 - 2011-08-26 15:33 - 00000000 ____D () C:\ProgramData\PDFC
2014-10-24 19:25 - 2014-09-11 19:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 19:25 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-19 16:24 - 2011-11-06 22:28 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{27D86958-5E2B-4C0C-BA46-D9E46261A1D6}
2014-10-19 10:49 - 2013-03-03 12:28 - 00000000 ___RD () C:\Users\Marvin\Desktop\computer fix
2014-10-19 10:40 - 2011-11-11 18:27 - 00000000 ___RD () C:\Users\Marvin\Desktop\games
2014-10-19 10:38 - 2011-11-21 17:57 - 00000000 ____D () C:\Windows\Minidump
2014-10-19 10:38 - 2011-08-26 15:51 - 00336641 ____N () C:\Windows\Minidump\101914-72228-01.dmp
2014-10-19 10:23 - 2011-11-10 20:37 - 00007653 _____ () C:\Users\Marvin\AppData\Local\Resmon.ResmonCfg
2014-10-19 10:22 - 2011-08-26 15:25 - 00000000 ____D () C:\ProgramData\Temp
2014-10-19 10:07 - 2012-08-24 10:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-19 08:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-18 23:24 - 2011-11-06 22:23 - 00000000 ____D () C:\Users\Marvin
2014-10-18 23:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-10-18 18:58 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Web
2014-10-18 18:42 - 2014-09-11 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-18 18:42 - 2011-08-26 15:26 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-10-18 18:42 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-18 18:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-18 18:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-18 18:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-18 18:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-18 18:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-18 18:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-10-18 12:08 - 2011-11-08 17:24 - 00000000 ____D () C:\Users\Marvin\AppData\Local\CrashDumps
2014-10-18 06:57 - 2012-06-29 21:32 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Malwarebytes
2014-10-18 06:56 - 2013-02-06 19:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-18 06:56 - 2012-06-29 21:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-18 03:57 - 2014-09-11 19:16 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 03:57 - 2014-09-11 19:16 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 03:57 - 2014-09-11 19:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-17 21:43 - 2013-07-20 08:46 - 00000000 ____D () C:\BigFishCache
2014-10-17 10:13 - 2012-07-02 03:08 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMarvin
2014-10-17 10:13 - 2012-07-02 03:08 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForMarvin.job
2014-10-16 21:27 - 2014-09-11 19:17 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-16 03:51 - 2011-11-12 23:02 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-16 03:51 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 03:48 - 2009-07-13 23:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 03:23 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 03:01 - 2011-11-10 15:56 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-13 09:28 - 2013-10-06 19:33 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Friendly Cactus
2014-10-13 08:24 - 2011-11-21 13:20 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-13 08:24 - 2011-11-14 13:06 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-13 08:23 - 2011-11-14 13:05 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\HP Support Assistant
2014-10-13 08:23 - 2011-11-07 22:40 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\HpUpdate
2014-10-13 08:15 - 2014-05-03 08:40 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Brave Giant
2014-10-11 10:44 - 2014-03-09 10:22 - 00000000 ____D () C:\ProgramData\Meridian93
2014-10-11 10:22 - 2012-05-20 16:09 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Meridian93
2014-10-06 11:04 - 2014-08-18 08:13 - 00000927 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-06 11:04 - 2014-08-18 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-05 10:25 - 2013-12-12 06:53 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\GrandMA Studios
2014-10-05 09:14 - 2012-10-18 19:09 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\DominiGames
2014-10-04 11:11 - 2012-07-07 13:09 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Mad Head Games
2014-10-02 19:06 - 2014-02-19 22:14 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\8floor
2014-09-29 20:11 - 2013-03-03 12:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-28 11:15 - 2012-06-16 09:21 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Artifex Mundi
2014-09-28 00:18 - 2012-05-28 11:38 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Eipix
2014-09-27 21:11 - 2012-01-15 15:51 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Elephant Games
 
Some content of TEMP:
====================
C:\Users\Marvin\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 03:00
 
==================== End Of Log ============================


#8 candigram


Posted 25 October 2014 - 08:31 AM

Addition.txt didn't open; the above is the log only. I'm not sure if this is my error or a problem in the computer. I will re-run FRST to see if I get the Addition log.

#9 candigram


Posted 25 October 2014 - 08:57 AM

Here's the Addition.txt file:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-10-2014
Ran by Marvin at 2014-10-25 08:37:14
Running from C:\Users\Marvin\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2015 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2015 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.01.18.0 - Ralink)
Acer eDisplay Management (HKLM-x32\...\{A586DC50-B18D-48FB-B7CC-A598200457C2}) (Version: 1.37.007 - Portrait Displays, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Agency 33 (HKLM-x32\...\BFG-Agency 33) (Version:  - )
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version:  - Electronic Arts)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60704.0132 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0704.121.523 - ATI) Hidden
Another Case Solved (HKLM-x32\...\BFG-Another Case Solved) (Version:  - )
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Troubleshoot & Resolve Tool (HKLM-x32\...\ATT-SST) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{F580D12E-01E5-31A6-A321-7C8E6D5361A5}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5513 - AVG Technologies)
AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5513 - AVG Technologies) Hidden
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version:  - PopCap Games)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0704.121.523 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0704.121.523 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0704.121.523 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0704.0120.523 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0704.0120.523 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0704.0120.523 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0704.0120.523 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0704.0120.523 - ATI) Hidden
CCC Help English (x32 Version: 2011.0704.0120.523 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0704.0120.523 - ATI) Hidden
CCC Help French (x32 Version: 2011.0704.0120.523 - ATI) Hidden
CCC Help German (x32 Version: 2011.0704.0120.523 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0704.0120.523 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0704.0120.523 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0704.0120.523 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0704.0120.523 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0704.0120.523 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0704.0120.523 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0704.0120.523 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0704.0120.523 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0704.0120.523 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0704.0120.523 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0704.0120.523 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0704.0120.523 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0704.0120.523 - ATI) Hidden
ccc-utility64 (Version: 2011.0704.121.523 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Cockatrice (HKLM-x32\...\Cockatrice) (Version:  - )
Criminal Investigation Agents: Petrodollars (HKLM-x32\...\BFG-Criminal Investigation Agents - Petrodollars) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Fishdom (HKLM-x32\...\Fishdom) (Version:  - Pogo.com)
Full Tilt Poker.Net (HKLM-x32\...\{E07B7A31-E160-466D-A003-3BB7B8989D52}) (Version: 4.61.20.WIN.FullTilt.NET - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Governor of Poker (HKLM-x32\...\BFG-Governor of Poker) (Version:  - )
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5205.31 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP MovieStore (x32 Version: 1.0.057 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6349.0 - IDT)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
KODAK Share Button App (HKLM-x32\...\{16B2498C-C6C1-4AE7-95EF-D2A09F50071C}) (Version: 4.01.0000.0000 - Eastman Kodak Company)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
Labyrinths of the World: Shattered Soul (HKLM-x32\...\BFG-Labyrinths of the World - Shattered Soul) (Version:  - )
LIMBO (HKCU\...\Limbo) (Version:  - )
Mabinogi (HKLM-x32\...\Mabinogi) (Version:  - devCAT)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Manor Memoirs Collector's Edition (HKLM-x32\...\BFG-Manor Memoirs Collectors Edition) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystic Saga (HKLM-x32\...\BFG-Mystic Saga) (Version:  - )
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{4AA68A73-DB9C-439D-9481-981C82BD008B}) (Version: 7.1.69.0 - Nokia)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PC Connectivity Solution (HKLM-x32\...\{A2AA4204-C05A-4013-888A-AD153139297F}) (Version: 11.5.29.0 - Nokia)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
Peggle Deluxe (HKLM-x32\...\Steam App 3480) (Version:  - PopCap Games, Inc.)
Peggle Nights (HKLM-x32\...\Steam App 3540) (Version:  - PopCap Games, Inc.)
Pivot Pro Plugin (x32 Version: 9.50.110 - Portrait Displays, Inc.) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Pogo Games (HKLM-x32\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
Quantum Conundrum (HKLM-x32\...\Steam App 200010) (Version:  - Airtight Games)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Relic Rescue (HKLM-x32\...\BFG-Relic Rescue) (Version:  - )
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SDK (x32 Version: 2.32.010 - Portrait Displays, Inc.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shrouded Tales: The Spellbound Land (HKLM-x32\...\BFG-Shrouded Tales - The Spellbound Land) (Version:  - )
Slingo Supreme 2 (HKLM-x32\...\BFG-Slingo Supreme 2) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Team Fortress 2 Beta (HKLM-x32\...\Steam App 520) (Version:  - Valve)
Toy Defense (HKLM-x32\...\Toy Defense) (Version:  - Pogo.com)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version:  - Sakar)
Whispered Secrets: Into the Wind Collector's Edition (HKLM-x32\...\BFG-Whispered Secrets - Into the Wind Collectors Edition) (Version:  - )
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2902022946-1923035353-1889978951-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
08-10-2014 20:18:27 Scheduled Checkpoint
16-10-2014 08:00:51 Windows Update
18-10-2014 23:09:33 Restore Operation
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2013-09-02 10:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {06807DF3-9819-4D9B-9661-7FFF035FE7F8} - System32\Tasks\HP online update program => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-12-08] (Hewlett-Packard)
Task: {21833A9E-215C-44CB-8FFD-0CB130046636} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2012-02-03] (Eastman Kodak Company)
Task: {3B2FD90F-38E2-4ED0-947D-44984245F157} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {3F6B4AA8-AEB8-4941-8D05-B04FBF332E01} - System32\Tasks\HPCeeScheduleForMarvin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {4341191E-7EA7-410A-AB60-5CE5DCF74834} - System32\Tasks\Real Player online update program => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-10-29] (RealNetworks, Inc.)
Task: {45B90E6B-A153-4156-8738-70385C9C51D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-11] (Google Inc.)
Task: {5CCC6274-0FB9-4CAF-8006-480E25702384} - System32\Tasks\{EEA12826-87FD-48F6-8360-E126E4F68CBE} => C:\Nexon\Mabinogi\Client.exe [2014-05-19] (NEXON KOREA)
Task: {6C0127E7-88EC-4BCB-9035-6B6F60ED965A} - System32\Tasks\{9B6E0E29-E420-4235-9725-1F844CC388EA} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-05-26] (Apple Inc.)
Task: {6EA16D2F-E730-4EF5-8C59-1EB60365E0B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {72D3FBC9-82F7-4077-A6B2-482E466ACE0C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {7ECFD10C-0715-40C0-972B-44AAA1BBA407} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {7F91BD05-17F6-4BB4-B565-B7CAB6412BCF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-11] (Google Inc.)
Task: {82C74BA9-B53E-40DB-89CB-FEDD53438C62} - System32\Tasks\{38E0D14D-1A35-4E3C-B01F-4D357F62187E} => C:\Nexon\Mabinogi\Mabinogi.exe [2013-06-17] ()
Task: {91DF67F3-5307-4089-871D-9384C96EC5BE} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {9FDA50A6-C172-43E7-9976-C604834A7CB1} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {A092BE33-8201-4211-83B2-47D3ED3F5BB2} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\iWin Games\iWinGames.exe
Task: {B0441D44-A04B-469C-BAF1-770E97E264C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {C074B8BC-1DDC-4A48-9797-63DDC5CC606A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {C3AF7E3F-31D5-478A-93A8-B32862D644C3} - System32\Tasks\Google Updater and Installer => C:\Users\Marvin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {C942ECA0-7E5B-4B18-97A3-0F97B649FD95} - System32\Tasks\{2CA5035F-D506-438A-ADD0-42B041E0E727} => C:\Nexon\Mabinogi\Client.exe [2014-05-19] (NEXON KOREA)
Task: {CA27D90D-6023-4231-A316-4A8798C93D7F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2902022946-1923035353-1889978951-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {D6D960D9-3C1C-4C29-A3CC-5C6E065C4C76} - System32\Tasks\{25B488BF-09CD-467A-AFA1-B662E3F249B8} => C:\GameHouse Games\Old Clockmaker's Riddle\GH-Clockmaker.exe
Task: {DDA29D47-5B8F-4AC4-9A50-27A881051379} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-15] ()
Task: {DEE49A3A-C9E7-4EBF-9F61-1241DF66DABA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {E0105D11-8FF8-4F5E-84B9-D4BCD73A89FB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2902022946-1923035353-1889978951-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {E1CCA7A4-42C0-443A-B8A9-076E0CC83221} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {E99C92F8-89A1-4010-A42B-4CC3918C33EB} - System32\Tasks\{E4E4DE10-F599-4608-9172-E9F64F040E78} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-05-26] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMarvin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:A78B31DD
AlternateDataStreams: C:\ProgramData\Temp:A7964713
AlternateDataStreams: C:\ProgramData\Temp:A798AA1A
AlternateDataStreams: C:\ProgramData\Temp:A7BB14DF
AlternateDataStreams: C:\ProgramData\Temp:A8185163
AlternateDataStreams: C:\ProgramData\Temp:A88B7896
AlternateDataStreams: C:\ProgramData\Temp:A8ADEA55
AlternateDataStreams: C:\ProgramData\Temp:A9562832
AlternateDataStreams: C:\ProgramData\Temp:A95AB9BF
AlternateDataStreams: C:\ProgramData\Temp:A9F877BF
AlternateDataStreams: C:\ProgramData\Temp:AA5A61B2
AlternateDataStreams: C:\ProgramData\Temp:AABECEFB
AlternateDataStreams: C:\ProgramData\Temp:AB501812
AlternateDataStreams: C:\ProgramData\Temp:AC4119D5
AlternateDataStreams: C:\ProgramData\Temp:AE0B4487
AlternateDataStreams: C:\ProgramData\Temp:AE34D87E
AlternateDataStreams: C:\ProgramData\Temp:AF191C57
AlternateDataStreams: C:\ProgramData\Temp:AF841BA9
AlternateDataStreams: C:\ProgramData\Temp:AFBD0680
AlternateDataStreams: C:\ProgramData\Temp:B0BE4B3D
AlternateDataStreams: C:\ProgramData\Temp:B1786630
AlternateDataStreams: C:\ProgramData\Temp:B1997945
AlternateDataStreams: C:\ProgramData\Temp:B2112CA5
AlternateDataStreams: C:\ProgramData\Temp:B285A50E
AlternateDataStreams: C:\ProgramData\Temp:B2EDDE72
AlternateDataStreams: C:\ProgramData\Temp:B3606FCC
AlternateDataStreams: C:\ProgramData\Temp:B36361EE
AlternateDataStreams: C:\ProgramData\Temp:B3A5945E
AlternateDataStreams: C:\ProgramData\Temp:B3A7E7F8
AlternateDataStreams: C:\ProgramData\Temp:B3D50E25
AlternateDataStreams: C:\ProgramData\Temp:B4530133
AlternateDataStreams: C:\ProgramData\Temp:B47A7270
AlternateDataStreams: C:\ProgramData\Temp:B50D8729
AlternateDataStreams: C:\ProgramData\Temp:B61767F5
AlternateDataStreams: C:\ProgramData\Temp:B65E763D
AlternateDataStreams: C:\ProgramData\Temp:B69CF390
AlternateDataStreams: C:\ProgramData\Temp:B6E58523
AlternateDataStreams: C:\ProgramData\Temp:B74BD6BF
AlternateDataStreams: C:\ProgramData\Temp:B761039D
AlternateDataStreams: C:\ProgramData\Temp:B779C113
AlternateDataStreams: C:\ProgramData\Temp:B8408597
AlternateDataStreams: C:\ProgramData\Temp:B86642C5
AlternateDataStreams: C:\ProgramData\Temp:B8791731
AlternateDataStreams: C:\ProgramData\Temp:B88DC997
AlternateDataStreams: C:\ProgramData\Temp:B9A99598
AlternateDataStreams: C:\ProgramData\Temp:B9C6EB6C
AlternateDataStreams: C:\ProgramData\Temp:BA516E94
AlternateDataStreams: C:\ProgramData\Temp:BC064EDB
AlternateDataStreams: C:\ProgramData\Temp:BCFEA004
AlternateDataStreams: C:\ProgramData\Temp:BD34FFC5
AlternateDataStreams: C:\ProgramData\Temp:BD7D604C
AlternateDataStreams: C:\ProgramData\Temp:BD84F7D6
AlternateDataStreams: C:\ProgramData\Temp:BD932D90
AlternateDataStreams: C:\ProgramData\Temp:BDC0F56E
AlternateDataStreams: C:\ProgramData\Temp:BDD83DC4
AlternateDataStreams: C:\ProgramData\Temp:BDDA21B6
AlternateDataStreams: C:\ProgramData\Temp:BE621C19
AlternateDataStreams: C:\ProgramData\Temp:BE6D17E7
AlternateDataStreams: C:\ProgramData\Temp:BECA50FF
AlternateDataStreams: C:\ProgramData\Temp:BEE39E9B
AlternateDataStreams: C:\ProgramData\Temp:BEF18713
AlternateDataStreams: C:\ProgramData\Temp:BF2225C8
AlternateDataStreams: C:\ProgramData\Temp:BF640EE5
AlternateDataStreams: C:\ProgramData\Temp:C0C3DC67
AlternateDataStreams: C:\ProgramData\Temp:C1086564
AlternateDataStreams: C:\ProgramData\Temp:C26A6AB3
AlternateDataStreams: C:\ProgramData\Temp:C2E091F5
AlternateDataStreams: C:\ProgramData\Temp:C4CB6EA6
AlternateDataStreams: C:\ProgramData\Temp:C5340FA1
AlternateDataStreams: C:\ProgramData\Temp:C55217E2
AlternateDataStreams: C:\ProgramData\Temp:C5A156B6
AlternateDataStreams: C:\ProgramData\Temp:C5EF5E3C
AlternateDataStreams: C:\ProgramData\Temp:C605E0E1
AlternateDataStreams: C:\ProgramData\Temp:C6104C4F
AlternateDataStreams: C:\ProgramData\Temp:C76D8487
AlternateDataStreams: C:\ProgramData\Temp:C7C3B621
AlternateDataStreams: C:\ProgramData\Temp:C87C3E2C
AlternateDataStreams: C:\ProgramData\Temp:C98828D3
AlternateDataStreams: C:\ProgramData\Temp:CB8C8B5D
AlternateDataStreams: C:\ProgramData\Temp:CBAB74CB
AlternateDataStreams: C:\ProgramData\Temp:CC6A54A8
AlternateDataStreams: C:\ProgramData\Temp:CCB49694
AlternateDataStreams: C:\ProgramData\Temp:CF8AEC6E
AlternateDataStreams: C:\ProgramData\Temp:CFE19728
AlternateDataStreams: C:\ProgramData\Temp:D0149AB4
AlternateDataStreams: C:\ProgramData\Temp:D09846EF
AlternateDataStreams: C:\ProgramData\Temp:D115F6E4
AlternateDataStreams: C:\ProgramData\Temp:D1AE9882
AlternateDataStreams: C:\ProgramData\Temp:D1D63BCA
AlternateDataStreams: C:\ProgramData\Temp:D254266B
AlternateDataStreams: C:\ProgramData\Temp:D276CDF4
AlternateDataStreams: C:\ProgramData\Temp:D3331ADB
AlternateDataStreams: C:\ProgramData\Temp:D4E62FA9
AlternateDataStreams: C:\ProgramData\Temp:D5D75FF0
AlternateDataStreams: C:\ProgramData\Temp:D5DAEF21
AlternateDataStreams: C:\ProgramData\Temp:D64DD961
AlternateDataStreams: C:\ProgramData\Temp:D696AA12
AlternateDataStreams: C:\ProgramData\Temp:D7740E2A
AlternateDataStreams: C:\ProgramData\Temp:D7F8D8A2
AlternateDataStreams: C:\ProgramData\Temp:D873B001
AlternateDataStreams: C:\ProgramData\Temp:D8A1AC56
AlternateDataStreams: C:\ProgramData\Temp:D8F64D5A
AlternateDataStreams: C:\ProgramData\Temp:D987CB43
AlternateDataStreams: C:\ProgramData\Temp:D9E6828A
AlternateDataStreams: C:\ProgramData\Temp:DA378DD8
AlternateDataStreams: C:\ProgramData\Temp:DC443F57
AlternateDataStreams: C:\ProgramData\Temp:DC7EDF41
AlternateDataStreams: C:\ProgramData\Temp:DC8E5CD4
AlternateDataStreams: C:\ProgramData\Temp:DD311F1E
AlternateDataStreams: C:\ProgramData\Temp:DD6F157A
AlternateDataStreams: C:\ProgramData\Temp:DDE3F219
AlternateDataStreams: C:\ProgramData\Temp:DF2F7240
AlternateDataStreams: C:\ProgramData\Temp:DFC3B090
AlternateDataStreams: C:\ProgramData\Temp:DFDBC05C
AlternateDataStreams: C:\ProgramData\Temp:DFFB9E98
AlternateDataStreams: C:\ProgramData\Temp:E1ABC2C7
AlternateDataStreams: C:\ProgramData\Temp:E1D06077
AlternateDataStreams: C:\ProgramData\Temp:E2DDFA62
AlternateDataStreams: C:\ProgramData\Temp:E326D1D1
AlternateDataStreams: C:\ProgramData\Temp:E32D2701
AlternateDataStreams: C:\ProgramData\Temp:E33D8F51
AlternateDataStreams: C:\ProgramData\Temp:E369983A
AlternateDataStreams: C:\ProgramData\Temp:E3B0ACE0
AlternateDataStreams: C:\ProgramData\Temp:E3D3D379
AlternateDataStreams: C:\ProgramData\Temp:E402E439
AlternateDataStreams: C:\ProgramData\Temp:E40D7F76
AlternateDataStreams: C:\ProgramData\Temp:E4272706
AlternateDataStreams: C:\ProgramData\Temp:E446CB48
AlternateDataStreams: C:\ProgramData\Temp:E4996D81
AlternateDataStreams: C:\ProgramData\Temp:E5CD413B
AlternateDataStreams: C:\ProgramData\Temp:E633C759
AlternateDataStreams: C:\ProgramData\Temp:E69366D6
AlternateDataStreams: C:\ProgramData\Temp:E6B95E40
AlternateDataStreams: C:\ProgramData\Temp:E6ED90A6
AlternateDataStreams: C:\ProgramData\Temp:E81603BC
AlternateDataStreams: C:\ProgramData\Temp:E83EE313
AlternateDataStreams: C:\ProgramData\Temp:E9049821
AlternateDataStreams: C:\ProgramData\Temp:E96A2658
AlternateDataStreams: C:\ProgramData\Temp:EA2D3047
AlternateDataStreams: C:\ProgramData\Temp:EA75C0D4
AlternateDataStreams: C:\ProgramData\Temp:EAE818E4
AlternateDataStreams: C:\ProgramData\Temp:EBE194FC
AlternateDataStreams: C:\ProgramData\Temp:EC3A9923
AlternateDataStreams: C:\ProgramData\Temp:EC769091
AlternateDataStreams: C:\ProgramData\Temp:EC925502
AlternateDataStreams: C:\ProgramData\Temp:EC970DB6
AlternateDataStreams: C:\ProgramData\Temp:ED796303
AlternateDataStreams: C:\ProgramData\Temp:ED92736E
AlternateDataStreams: C:\ProgramData\Temp:EDBEBF9F
AlternateDataStreams: C:\ProgramData\Temp:EDE28CFC
AlternateDataStreams: C:\ProgramData\Temp:EE69D7DF
AlternateDataStreams: C:\ProgramData\Temp:EF0BD3A1
AlternateDataStreams: C:\ProgramData\Temp:EF0D9BBA
AlternateDataStreams: C:\ProgramData\Temp:EF123AF6
AlternateDataStreams: C:\ProgramData\Temp:EF53A5CA
AlternateDataStreams: C:\ProgramData\Temp:EFF3C3C8
AlternateDataStreams: C:\ProgramData\Temp:F001F3C1
AlternateDataStreams: C:\ProgramData\Temp:F0F90DC6
AlternateDataStreams: C:\ProgramData\Temp:F13867C6
AlternateDataStreams: C:\ProgramData\Temp:F13DDA30
AlternateDataStreams: C:\ProgramData\Temp:F193BFCF
AlternateDataStreams: C:\ProgramData\Temp:F2E878EB
AlternateDataStreams: C:\ProgramData\Temp:F2F0A8AC
AlternateDataStreams: C:\ProgramData\Temp:F301EDA7
AlternateDataStreams: C:\ProgramData\Temp:F4BF61E8
AlternateDataStreams: C:\ProgramData\Temp:F5E90ED3
AlternateDataStreams: C:\ProgramData\Temp:F68CB1A4
AlternateDataStreams: C:\ProgramData\Temp:F6DA3F39
AlternateDataStreams: C:\ProgramData\Temp:F7401CCF
AlternateDataStreams: C:\ProgramData\Temp:F74EC668
AlternateDataStreams: C:\ProgramData\Temp:F7F4DC88
AlternateDataStreams: C:\ProgramData\Temp:F7FFE8AF
AlternateDataStreams: C:\ProgramData\Temp:F816645E
AlternateDataStreams: C:\ProgramData\Temp:F817E159
AlternateDataStreams: C:\ProgramData\Temp:F8A53745
AlternateDataStreams: C:\ProgramData\Temp:F9283DA1
AlternateDataStreams: C:\ProgramData\Temp:F95CF899
AlternateDataStreams: C:\ProgramData\Temp:FA29CA24
AlternateDataStreams: C:\ProgramData\Temp:FA7523FF
AlternateDataStreams: C:\ProgramData\Temp:FA7EAF8F
AlternateDataStreams: C:\ProgramData\Temp:FB0D0243
AlternateDataStreams: C:\ProgramData\Temp:FB4262DE
AlternateDataStreams: C:\ProgramData\Temp:FBF21B24
AlternateDataStreams: C:\ProgramData\Temp:FD11E093
AlternateDataStreams: C:\ProgramData\Temp:FD6D11C9
AlternateDataStreams: C:\ProgramData\Temp:FD7DCDA6
AlternateDataStreams: C:\ProgramData\Temp:FE1028DD
AlternateDataStreams: C:\ProgramData\Temp:FF717A18
AlternateDataStreams: C:\ProgramData\Temp:FF747CFB
AlternateDataStreams: C:\ProgramData\Temp:FFA396CD
AlternateDataStreams: C:\ProgramData\Temp:FFC3922F
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2902022946-1923035353-1889978951-500 - Administrator - Disabled)
Guest (S-1-5-21-2902022946-1923035353-1889978951-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2902022946-1923035353-1889978951-1002 - Limited - Enabled)
Marvin (S-1-5-21-2902022946-1923035353-1889978951-1000 - Administrator - Enabled) => C:\Users\Marvin
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/25/2014 08:15:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28644451
 
Error: (10/25/2014 08:15:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28644451
 
Error: (10/25/2014 08:15:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/24/2014 11:42:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13263627
 
Error: (10/24/2014 11:42:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13263627
 
Error: (10/24/2014 11:42:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/19/2014 10:12:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgmfapx.exe, version: 15.0.0.5513, time stamp: 0x542b306f
Faulting module name: avgupdx.dll, version: 15.0.0.5513, time stamp: 0x542b3013
Exception code: 0xc0000005
Fault offset: 0x00010d33
Faulting process id: 0x17c0
Faulting application start time: 0xavgmfapx.exe0
Faulting application path: avgmfapx.exe1
Faulting module path: avgmfapx.exe2
Report Id: avgmfapx.exe3
 
Error: (10/19/2014 10:08:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 38.0.2125.104 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1dc4
 
Start Time: 01cfebae7acc7020
 
Termination Time: 15
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: c5af7e64-57a1-11e4-b75a-f91eb6435cb0
 
Error: (10/19/2014 09:20:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15616
 
Error: (10/19/2014 09:20:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15616
 
 
System errors:
=============
Error: (10/25/2014 08:35:20 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/25/2014 08:34:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (10/25/2014 08:34:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (10/25/2014 08:34:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (10/25/2014 08:34:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (10/25/2014 08:34:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (10/25/2014 08:34:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (10/25/2014 08:34:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
Error: (10/25/2014 08:34:28 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (10/25/2014 08:34:27 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
 
Microsoft Office Sessions:
=========================
Error: (10/25/2014 08:15:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28644451
 
Error: (10/25/2014 08:15:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28644451
 
Error: (10/25/2014 08:15:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/24/2014 11:42:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13263627
 
Error: (10/24/2014 11:42:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13263627
 
Error: (10/24/2014 11:42:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/19/2014 10:12:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgmfapx.exe15.0.0.5513542b306favgupdx.dll15.0.0.5513542b3013c000000500010d3317c001cfebaecc875519C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exeC:\Program Files (x86)\AVG\AVG2015\avgupdx.dll486345d4-57a2-11e4-b75a-f91eb6435cb0
 
Error: (10/19/2014 10:08:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe38.0.2125.1041dc401cfebae7acc702015C:\Program Files (x86)\Google\Chrome\Application\chrome.exec5af7e64-57a1-11e4-b75a-f91eb6435cb0
 
Error: (10/19/2014 09:20:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15616
 
Error: (10/19/2014 09:20:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15616
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-25 08:22:12.811
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-19 10:10:42.789
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-19 08:51:33.486
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-19 08:08:17.047
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-18 16:48:13.834
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-18 07:10:16.711
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-18 03:57:01.783
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-17 21:42:14.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-17 21:16:36.666
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-17 20:20:21.415
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-3600 APU with Radeon™ HD Graphics
Percentage of memory in use: 23%
Total physical RAM: 5616.6 MB
Available physical RAM: 4277.72 MB
Total Pagefile: 11231.38 MB
Available Pagefile: 9915.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:919.87 GB) (Free:705.52 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.54 GB) (Free:1.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D95CF615)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#10 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:17 AM

Posted 25 October 2014 - 12:01 PM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#11 candigram

Posted 25 October 2014 - 03:26 PM

I appreciate the assist...am running scans now and will post logs asap

Candigram

#12 Machiavelli

Posted 25 October 2014 - 03:36 PM

OK

~Machiavelli



#13 candigram

Posted 25 October 2014 - 04:30 PM

adw cleaner log

 

# AdwCleaner v4.001 - Report created 25/10/2014 at 14:52:12
# DB v2014-10-23.2
# Updated 20/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Marvin - MARVIN-HP
# Running from : C:\Users\Marvin\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Public\Documents\iWin
Folder Deleted : C:\Users\Marvin\AppData\Roaming\quickclick
Folder Deleted : C:\Users\Marvin\AppData\Roaming\Uniblue
[#] Folder Deleted : C:\ProgramData\Alawar Stargaze
Folder Deleted : C:\Users\Marvin\AppData\Roaming\Alawar Stargaze
Folder Deleted : C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : RunAsStdUser Task
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
 
 
-\\ Google Chrome v38.0.2125.104
 
 
*************************
 
AdwCleaner[R0].txt - [2954 octets] - [25/10/2014 13:36:48]
AdwCleaner[R1].txt - [3411 octets] - [25/10/2014 13:39:36]
AdwCleaner[S0].txt - [3014 octets] - [25/10/2014 14:52:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3074 octets] ##########

malwarebytes log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/25/2014
Scan Time: 2:59:58 PM
Logfile: Malwarebytes logs.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.25.05
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Marvin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345566
Time Elapsed: 17 min, 45 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

jrt log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by Marvin on Sat 10/25/2014 at 15:22:37.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Marvin\AppData\Roaming\mozilla\firefox\profiles\r5irfcgj.default\minidumps [395 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Marvin\appdata\local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/25/2014 at 15:28:54.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#14 candigram

Posted 25 October 2014 - 04:35 PM

  Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2014

Ran by Marvin (administrator) on MARVIN-HP on 25-10-2014 16:33:20
Running from C:\Users\Marvin\Desktop
Loaded Profile: Marvin (Available profiles: Marvin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-24] (IDT, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\pcTrayApp.exe [2790400 2012-11-15] (Alcatel-Lucent)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [110192 2010-05-13] ()
HKLM-x32\...\Run: [DT ACR] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2012-04-13] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-10-29] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3778576 2014-10-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard)
HKLM\...\RunOnce: [PCDrProfiler] => C:\Program Files\PC-Doctor for Windows\RunProfiler.exe [136176 2009-06-26] (PC-Doctor, Inc.)
HKU\S-1-5-21-2902022946-1923035353-1889978951-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1937600 2014-08-13] (Valve Corporation)
HKU\S-1-5-21-2902022946-1923035353-1889978951-1000\...\Run: [KGShareApp] => C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-02-03] (Eastman Kodak Company)
HKU\S-1-5-21-2902022946-1923035353-1889978951-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [3182 2014-10-25] ()
HKU\S-1-5-21-2902022946-1923035353-1889978951-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {0D731642-FF8D-43B5-8E81-54E882BA14BB} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Diamond%20Detective/Images/stg_drm.ocx
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: HKLM-x32 {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: HKLM-x32 {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: HKLM-x32 {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinner.com/games/v43/paint/paint.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Diamond%20Detective/Images/armhelper.ocx
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\r5irfcgj.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marvin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Zombie Keys - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\r5irfcgj.default\Extensions\zombiekeys@bolay.de.xpi [2014-02-19]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "https://mail.google.com/mail/ca/u/0/#inbox", "https://mail.google.com/mail/ca/u/2/#inbox", "https://mail.google.com/mail/ca/u/0/?ui=2&shva=1#inbox", "https://mail.google.com/mail/ca/u/1/#inbox", "https://trello.com/board/re-inclusion-project/50aab3e9a8e79c4a0b0006d5", "https://drive.google.com/a/stripes39.com/?tab=mo#my-drive", "hxxp://www.searchnu.com/406", "hxxp://mysearch.avg.com/?cid={53A09773-AE42-43DC-9B57-21F6D22FD0E3}&mid=266ee72c3c1f47d39dd5693f79c66dcf-72f696d916a902419abe6f265d1422fb0c0e6f5d&lang=en&ds=AVG&pr=fr&d=2013-08-20 19:04:31&v=15.4.0.5&pid=safeguard&sg=0&sap=hp", "hxxp://mysearch.avg.com/?cid={53A09773-AE42-43DC-9B57-21F6D22FD0E3}&mid=266ee72c3c1f47d39dd5693f79c66dcf-72f696d916a902419abe6f265d1422fb0c0e6f5d&lang=en&ds=AVG&pr=fr&d=2013-08-29 21:05:22&v=15.6.1.2&pid=safeguard&sg=0&sap=hp", "hxxp://mysearch.avg.com?cid={53A09773-AE42-43DC-9B57-21F6D22FD0E3}&mid=266ee72c3c1f47d39dd5693f79c66dcf-72f696d916a902419abe6f265d1422fb0c0e6f5d&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 20:29:32&v=18.1.0.443&pid=safeguard&sg=0&sap=hp", "hxxp://mysearch.avg.com?cid={53A09773-AE42-43DC-9B57-21F6D22FD0E3}&mid=266ee72c3c1f47d39dd5693f79c66dcf-72f696d916a902419abe6f265d1422fb0c0e6f5d&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 20:29:32&v=18.1.5.512&pid=safeguard&sg=0&sap=hp", "hxxp://mysearch.avg.com?cid={53A09773-AE42-43DC-9B57-21F6D22FD0E3}&mid=266ee72c3c1f47d39dd5693f79c66dcf-72f696d916a902419abe6f265d1422fb0c0e6f5d&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 20:29:32&v=18.1.7.598&pid=safeguard&sg=0&sap=hp"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bejeweled) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-06-15]
CHR Extension: (Google Docs) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-14]
CHR Extension: (Google Drive) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-14]
CHR Extension: (Mancala) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjlhjhpnhabnfepdfemepiilbjbkecpe [2014-07-12]
CHR Extension: (Thesaurus.com - Synonyms and Antonyms) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabakieebci [2014-07-12]
CHR Extension: (Google Search) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-14]
CHR Extension: (Netflix) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2014-07-12]
CHR Extension: (Google News) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2013-05-17]
CHR Extension: (Pandora) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-02-14]
CHR Extension: (PageRank Checker) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfnmbajmhlicbciamdjolghciajfpanb [2014-07-12]
CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2014-07-12]
CHR Extension: (Fairway Solitaire) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkpbdfapchjogkmfpcmnfjdimgijhdho [2013-02-14]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2013-05-28]
CHR Extension: (Spotify Chrome Extension) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjmlahipheaaghllkabfkpolljilkjb [2013-02-14]
CHR Extension: (Flood-It!) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp [2014-07-12]
CHR Extension: (NPR Infinite Player) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf [2014-07-12]
CHR Extension: (Eye Dropper) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka [2014-07-12]
CHR Extension: (Google Play Music) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-02-14]
CHR Extension: (Night Time In New York City) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek [2013-05-15]
CHR Extension: (LJ Account Juggler) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfnihbghaikdicpdiciecbbdoegcfhc [2014-07-12]
CHR Extension: (The Poppit Show) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgelgappphlblgabnmkmdeifjkgfchbl [2013-05-28]
CHR Extension: (Google Play) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-02-14]
CHR Extension: (BuzzFeed) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnidllihfjkdhhojnkemmfbcjecdodc [2013-05-20]
CHR Extension: (Okay Geek News) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnokhoapmmdekfhnmodkcenihchhigio [2013-05-28]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-07-12]
CHR Extension: (Pursued) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mglmffkipgdhdkolbbkofkfhappinpin [2013-05-28]
CHR Extension: (Quick Note) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2014-07-12]
CHR Extension: (NewsSquares - Stylish Reading in Chrome) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmehbmdeabanfnddlekelahkaclfdhl [2013-05-22]
CHR Extension: (Listube - Free Online On-Demand Music Player) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlelfeaeehmpkbcfjmjcbilahepgcjgk [2013-02-14]
CHR Extension: (PageRank Display) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmhofljhcphkbkjmhaiagmbajikkfnep [2014-07-12]
CHR Extension: (PageRank) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmblkkmdeobfklgefdnoakgkmcekhcg [2014-07-12]
CHR Extension: (ScoopIt) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheicoppbioibofoaojjfhlnmgcgkomj [2013-05-28]
CHR Extension: (Google Wallet) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (My Chrome Theme) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-07-12]
CHR Extension: (__MSG_extBrowserActionName__) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelggcmknbjmhkpgjfhakedcfnkgbdpg [2014-07-12]
CHR Extension: (Gmail) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1564944 2014-10-01] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3526160 2014-10-01] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [323288 2014-10-01] (AVG Technologies CZ, s.r.o.)
S2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138032 2012-04-13] (Portrait Displays, Inc.)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-11-15] (Alcatel-Lucent) [File not signed]
S2 pcServiceHost; C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [342528 2012-11-15] (Alcatel-Lucent) [File not signed]
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
S2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [520360 2013-03-25] (iWin Inc.)
S2 vToolbarUpdater14.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.0\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [261400 2014-09-30] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-09-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [37720 2012-12-26] (AVG Technologies)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-11-15] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2012-11-15] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-11-15] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2012-11-15] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20784 2012-04-13] (Portrait Displays, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-19] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-25 16:33 - 2014-10-25 16:33 - 00024773 _____ () C:\Users\Marvin\Desktop\FRST.txt
2014-10-25 15:28 - 2014-10-25 15:28 - 00000926 _____ () C:\Users\Marvin\Desktop\JRT.txt
2014-10-25 14:56 - 2014-10-25 14:56 - 00003182 _____ () C:\Users\Marvin\Desktop\AdwCleaner[S0].txt
2014-10-25 13:32 - 2014-10-25 13:32 - 00000000 ____D () C:\Windows\ERUNT
2014-10-25 13:31 - 2014-10-25 14:52 - 00000000 ____D () C:\AdwCleaner
2014-10-25 13:31 - 2014-10-25 13:31 - 01706144 _____ (Thisisu) C:\Users\Marvin\Desktop\JRT.exe
2014-10-25 13:30 - 2014-10-25 13:30 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Marvin\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-25 13:30 - 2014-10-25 13:30 - 01962496 _____ () C:\Users\Marvin\Desktop\AdwCleaner.exe
2014-10-19 16:24 - 2014-10-19 16:24 - 02112512 _____ (Farbar) C:\Users\Marvin\Desktop\FRST64.exe
2014-10-19 16:23 - 2014-10-19 16:23 - 02112512 _____ (Farbar) C:\Users\Marvin\Downloads\FRST64 (1).exe
2014-10-19 10:39 - 2014-10-19 10:40 - 00000000 ____D () C:\Users\Marvin\Desktop\Crue Cards
2014-10-18 23:50 - 2014-10-18 23:50 - 00003536 ____N () C:\bootsqm.dat
2014-10-18 22:51 - 2014-10-19 00:23 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-18 22:51 - 2014-10-18 22:51 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-18 22:42 - 2014-10-18 22:42 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Marvin\Downloads\procexp.exe
2014-10-18 22:40 - 2014-10-18 22:40 - 01188194 _____ () C:\Users\Marvin\Downloads\ProcessExplorer (1).zip
2014-10-18 19:00 - 2014-10-25 13:06 - 00003344 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2902022946-1923035353-1889978951-1000
2014-10-18 17:25 - 2014-10-18 17:28 - 00072705 _____ () C:\Users\Marvin\Downloads\Addition.txt
2014-10-18 17:21 - 2014-10-24 19:42 - 00059881 _____ () C:\Users\Marvin\Downloads\FRST.txt
2014-10-18 17:20 - 2014-10-25 16:33 - 00000000 ____D () C:\FRST
2014-10-18 17:19 - 2014-10-18 17:20 - 00415232 _____ (Farbar) C:\Users\Marvin\Downloads\FSS.exe
2014-10-18 17:14 - 2014-10-18 17:14 - 02112000 _____ (Farbar) C:\Users\Marvin\Downloads\FRST64.exe
2014-10-18 06:58 - 2014-10-25 15:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-18 06:57 - 2014-10-25 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-18 06:57 - 2014-10-18 06:57 - 00001068 _____ () C:\Users\Marvin\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-18 06:56 - 2014-10-25 13:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-18 06:56 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-18 06:56 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-18 06:56 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-15 15:13 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 15:13 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 15:13 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 15:13 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 15:13 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 15:13 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 15:13 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 15:12 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 15:12 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 15:12 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 15:12 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 15:12 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 15:12 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 15:12 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 15:12 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 15:12 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 15:12 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 15:12 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 15:12 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 15:12 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 15:12 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 15:12 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 15:12 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 15:12 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 15:12 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 15:12 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 15:12 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 15:12 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 15:12 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 15:12 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 15:12 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 15:12 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 15:12 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 15:12 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 15:12 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 15:12 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 15:12 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 15:12 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 15:12 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 15:12 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 15:12 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 15:12 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 15:12 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 15:12 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 15:12 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 15:12 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 15:12 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 15:12 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 15:12 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 15:12 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 15:12 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 15:12 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 15:12 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 15:12 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 15:12 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 15:12 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 15:12 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 15:12 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 15:12 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 15:12 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 15:12 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 15:12 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 15:12 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 15:12 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 15:12 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 15:12 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 15:12 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 15:12 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 15:12 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 15:12 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 15:12 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 15:12 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 15:12 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 15:12 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 15:11 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 15:11 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 15:11 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 15:11 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 15:11 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 15:11 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 15:11 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 15:11 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 15:11 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 15:11 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 15:11 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 15:11 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 15:11 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 15:11 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 15:11 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 15:11 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 15:11 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 15:11 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 15:11 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 15:11 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 15:11 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 15:11 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 15:11 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 15:11 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 15:11 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 15:11 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 15:11 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 15:11 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 15:10 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 15:10 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 15:10 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 15:10 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 15:10 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 15:10 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 15:10 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 15:10 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 15:10 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 15:10 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 15:10 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 15:10 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 15:10 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 15:10 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 15:10 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 15:10 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 15:10 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 15:10 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 15:10 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 15:10 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 08:57 - 2014-10-18 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Criminal Investigation Agents - Petrodollars
2014-10-15 08:57 - 2014-10-18 18:42 - 00000000 ____D () C:\Program Files (x86)\Criminal Investigation Agents - Petrodollars
2014-10-15 08:57 - 2014-10-18 18:22 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Criminal Investigation Agents - Petrodollars
2014-10-15 08:57 - 2014-10-15 08:57 - 00001318 _____ () C:\Users\Public\Desktop\More Great Games.lnk
2014-10-13 11:18 - 2014-10-25 14:54 - 00002882 _____ () C:\Windows\PFRO.log
2014-10-13 09:19 - 2014-10-18 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shrouded Tales - The Spellbound Land
2014-10-13 09:19 - 2014-10-18 18:42 - 00000000 ____D () C:\Program Files (x86)\Shrouded Tales - The Spellbound Land
2014-10-13 09:19 - 2014-10-18 18:22 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shrouded Tales - The Spellbound Land
2014-10-11 08:42 - 2014-10-11 08:42 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\IteraLabs
2014-10-08 15:59 - 2014-10-08 15:59 - 00027647 _____ () C:\Users\Marvin\Downloads\Hiveworks Comics.htm
2014-10-06 15:08 - 2014-10-25 13:06 - 00000840 _____ () C:\Windows\setupact.log
2014-10-05 10:14 - 2014-10-05 10:14 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Whispered Secrets - Into the Wind Collectors Edition
2014-10-05 10:14 - 2014-10-05 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Whispered Secrets - Into the Wind Collectors Edition
2014-10-05 10:14 - 2014-10-05 10:14 - 00000000 ____D () C:\Program Files (x86)\Whispered Secrets - Into the Wind Collectors Edition
2014-10-05 09:01 - 2014-10-05 09:03 - 00000000 ____D () C:\Program Files (x86)\Labyrinths of the World - Shattered Soul
2014-10-05 09:01 - 2014-10-05 09:01 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Labyrinths of the World - Shattered Soul
2014-10-05 09:01 - 2014-10-05 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Labyrinths of the World - Shattered Soul
2014-09-30 20:55 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 20:55 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 17:35 - 2014-09-30 17:35 - 00261400 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-09-27 10:03 - 2014-09-27 10:03 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystic Saga
2014-09-27 10:03 - 2014-09-27 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystic Saga
2014-09-27 10:03 - 2014-09-27 10:03 - 00000000 ____D () C:\Program Files (x86)\Mystic Saga
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-25 16:32 - 2013-03-03 12:28 - 00000000 ___RD () C:\Users\Marvin\Desktop\computer fix
2014-10-25 14:52 - 2014-09-24 19:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-25 13:09 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-25 13:09 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-25 13:08 - 2012-02-01 18:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-25 13:07 - 2011-08-26 15:33 - 00000000 ____D () C:\ProgramData\PDFC
2014-10-25 13:06 - 2014-09-11 19:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-25 13:06 - 2014-08-18 08:22 - 00003212 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2902022946-1923035353-1889978951-1000
2014-10-25 13:06 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-25 08:29 - 2011-08-26 15:19 - 01237738 _____ () C:\Windows\WindowsUpdate.log
2014-10-25 08:19 - 2011-11-06 23:12 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-25 08:15 - 2012-08-24 10:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-24 23:43 - 2012-07-02 03:08 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMarvin
2014-10-24 23:43 - 2012-07-02 03:08 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForMarvin.job
2014-10-19 16:24 - 2011-11-06 22:28 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{27D86958-5E2B-4C0C-BA46-D9E46261A1D6}
2014-10-19 10:40 - 2011-11-11 18:27 - 00000000 ___RD () C:\Users\Marvin\Desktop\games
2014-10-19 10:38 - 2011-11-21 17:57 - 00000000 ____D () C:\Windows\Minidump
2014-10-19 10:38 - 2011-08-26 15:51 - 00336641 ____N () C:\Windows\Minidump\101914-72228-01.dmp
2014-10-19 10:23 - 2011-11-10 20:37 - 00007653 _____ () C:\Users\Marvin\AppData\Local\Resmon.ResmonCfg
2014-10-19 10:22 - 2011-08-26 15:25 - 00000000 ____D () C:\ProgramData\Temp
2014-10-19 08:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-18 23:24 - 2011-11-06 22:23 - 00000000 ____D () C:\Users\Marvin
2014-10-18 23:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-10-18 18:58 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Web
2014-10-18 18:42 - 2014-09-11 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-18 18:42 - 2011-08-26 15:26 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-10-18 18:42 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-18 18:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-18 18:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-18 18:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-18 18:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-18 18:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-18 18:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-10-18 12:08 - 2011-11-08 17:24 - 00000000 ____D () C:\Users\Marvin\AppData\Local\CrashDumps
2014-10-18 06:57 - 2012-06-29 21:32 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Malwarebytes
2014-10-18 06:56 - 2013-02-06 19:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-18 06:56 - 2012-06-29 21:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-18 03:57 - 2014-09-11 19:16 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 03:57 - 2014-09-11 19:16 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 03:57 - 2014-09-11 19:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-17 21:43 - 2013-07-20 08:46 - 00000000 ____D () C:\BigFishCache
2014-10-16 21:27 - 2014-09-11 19:17 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-16 03:51 - 2011-11-12 23:02 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-16 03:51 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 03:48 - 2009-07-13 23:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 03:23 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 03:01 - 2011-11-10 15:56 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-13 09:28 - 2013-10-06 19:33 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Friendly Cactus
2014-10-13 08:24 - 2011-11-21 13:20 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-13 08:24 - 2011-11-14 13:06 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-13 08:23 - 2011-11-14 13:05 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\HP Support Assistant
2014-10-13 08:23 - 2011-11-07 22:40 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\HpUpdate
2014-10-13 08:15 - 2014-05-03 08:40 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Brave Giant
2014-10-11 10:44 - 2014-03-09 10:22 - 00000000 ____D () C:\ProgramData\Meridian93
2014-10-11 10:22 - 2012-05-20 16:09 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Meridian93
2014-10-06 11:04 - 2014-08-18 08:13 - 00000927 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-06 11:04 - 2014-08-18 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-05 10:25 - 2013-12-12 06:53 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\GrandMA Studios
2014-10-05 09:14 - 2012-10-18 19:09 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\DominiGames
2014-10-04 11:11 - 2012-07-07 13:09 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Mad Head Games
2014-10-02 19:06 - 2014-02-19 22:14 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\8floor
2014-09-29 20:11 - 2013-03-03 12:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-28 11:15 - 2012-06-16 09:21 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Artifex Mundi
2014-09-28 00:18 - 2012-05-28 11:38 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Eipix
2014-09-27 21:11 - 2012-01-15 15:51 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Elephant Games
 
Some content of TEMP:
====================
C:\Users\Marvin\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Marvin\AppData\Local\Temp\Quarantine.exe
C:\Users\Marvin\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 03:00
 
==================== End Of Log ============================


#15 Machiavelli

Posted 26 October 2014 - 02:14 PM

First,
  • Please download the attached fixlist.txt file and save it to the same location as FRST.
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe, press the Fix button just once, and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run from; please post it in your reply.
Next,
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and paste (Ctrl+V) the contents of this log into your next post, please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
