Java/Adobe Popup/Adware


  • This topic is locked
14 replies to this topic

#1 Levaus

Posted 19 October 2014 - 08:32 PM

   OK, I have been having this recurring problem where I am automatically navigated to a Java or Adobe page where it auto-downloads a file.  Sometimes dialogue boxes pop up in the top middle of my screen under my address bar that I have to close out of over and over again until they stop, and occasionally one so large comes up that I have to start Task Manager because I cannot see the bottom.

   I was following another forum by one of your admins that instructed to download FRST, and as far as I can tell it is a similar program that produces similar results. If I am wrong, please tell me. I will gladly put the proper one on and run it, but this is what I got.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2014
Ran by Raider (administrator) on RAIDER-PC on 19-10-2014 20:35:58
Running from C:\Users\Raider\Downloads
Loaded Profile: Raider (Available profiles: Raider)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Akamai Technologies, Inc.) C:\Users\Raider\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Raider\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() E:\Games\LeagueofLegends\RADS\system\rads_user_kernel.exe
() E:\Games\LeagueofLegends\RADS\projects\lol_launcher\releases\0.0.0.224\deploy\LoLLauncher.exe
() E:\Games\LeagueofLegends\RADS\projects\lol_patcher\releases\0.0.0.8\deploy\LoLPatcher.exe
() E:\Games\LeagueofLegends\RADS\projects\lol_air_client\releases\0.0.1.113\deploy\LolClient.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() E:\Games\LeagueofLegends\RADS\solutions\lol_game_client_sln\releases\0.0.1.60\deploy\League of Legends.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKU\S-1-5-21-571711918-3469745088-2136342978-1000\...\Run: [DriverUpdaterPro] => C:\Program Files (x86)\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
HKU\S-1-5-21-571711918-3469745088-2136342978-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-11] (SUPERAntiSpyware)
HKU\S-1-5-21-571711918-3469745088-2136342978-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Raider\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-571711918-3469745088-2136342978-1000\...\MountPoints2: {8fac814f-358f-11e4-9f61-e03f496da605} - F:\setup.exe -a
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF5387807C286CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto2_14_30&cd=2XzuyEtN2Y1L1Qzu0E0CtC0AyDzytAzyyDzy0DtAtAyCyBzztN0D0Tzu0SzyyDzztN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FtB1VtCyE1VtAtDtN1L1G1B1V1N2Y1L1Qzu2SyBzyzy0B0F0CtDzytGtDyE0A0AtG0C0Bzz0BtG0FyDyByEtGyByDzytAzzzy0E0FyCyDtD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByCtCtC0CyDyEzytG0B0C0B0CtGyC0DtByCtGyC0BtD0CtGyC0B0EyCtD0C0B0EtAzztCzy2Q&cr=1245285764&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto2_14_30&cd=2XzuyEtN2Y1L1Qzu0E0CtC0AyDzytAzyyDzy0DtAtAyCyBzztN0D0Tzu0SzyyDzztN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FtB1VtCyE1VtAtDtN1L1G1B1V1N2Y1L1Qzu2SyBzyzy0B0F0CtDzytGtDyE0A0AtG0C0Bzz0BtG0FyDyByEtGyByDzytAzzzy0E0FyCyDtD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByCtCtC0CyDyEzytG0B0C0B0CtGyC0DtByCtGyC0BtD0CtGyC0B0EyCtD0C0B0EtAzztCzy2Q&cr=1245285764&ir=
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto2_14_30&cd=2XzuyEtN2Y1L1Qzu0E0CtC0AyDzytAzyyDzy0DtAtAyCyBzztN0D0Tzu0SzyyDzztN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FtB1VtCyE1VtAtDtN1L1G1B1V1N2Y1L1Qzu2SyBzyzy0B0F0CtDzytGtDyE0A0AtG0C0Bzz0BtG0FyDyByEtGyByDzytAzzzy0E0FyCyDtD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByCtCtC0CyDyEzytG0B0C0B0CtGyC0DtByCtGyC0BtD0CtGyC0B0EyCtD0C0B0EtAzztCzy2Q&cr=1245285764&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto2_14_30&cd=2XzuyEtN2Y1L1Qzu0E0CtC0AyDzytAzyyDzy0DtAtAyCyBzztN0D0Tzu0SzyyDzztN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FtB1VtCyE1VtAtDtN1L1G1B1V1N2Y1L1Qzu2SyBzyzy0B0F0CtDzytGtDyE0A0AtG0C0Bzz0BtG0FyDyByEtGyByDzytAzzzy0E0FyCyDtD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByCtCtC0CyDyEzytG0B0C0B0CtGyC0DtByCtGyC0BtD0CtGyC0B0EyCtD0C0B0EtAzztCzy2Q&cr=1245285764&ir=
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 4.2.2.2

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Raider\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Raider\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Raider\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-13]
CHR Extension: (Google Drive) - C:\Users\Raider\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Raider\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-13]
CHR Extension: (YouTube) - C:\Users\Raider\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-13]
CHR Extension: (Google Search) - C:\Users\Raider\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-13]
CHR Extension: (Google Wallet) - C:\Users\Raider\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-13]
CHR Extension: (NextCoup) - C:\Users\Raider\AppData\Local\Google\Chrome\User Data\Default\Extensions\olpfjpgcmpilpgbkaobhjebdedloanbk [2014-08-15]
CHR Extension: (Gmail) - C:\Users\Raider\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S3 DAUpdaterSvc; E:\Game Cache\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-05-19] (Razer Inc)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 20:35 - 2014-10-19 20:35 - 00074656 _____ () C:\Users\Raider\Downloads\FLVPlayer-Chrome (1).exe
2014-10-19 20:35 - 2014-10-19 20:35 - 00000000 ____D () C:\Users\Raider\Downloads\FRST-OlderVersion
2014-10-19 19:49 - 2014-10-19 19:49 - 00071536 _____ (Premium Installer ) C:\Users\Raider\Downloads\setup (11).exe
2014-10-19 01:38 - 2014-10-19 01:38 - 00071536 _____ (Premium Installer ) C:\Users\Raider\Downloads\setup (10).exe
2014-10-19 01:37 - 2014-10-19 01:37 - 00071536 _____ (Premium Installer ) C:\Users\Raider\Downloads\setup (9).exe
2014-10-19 01:27 - 2014-10-19 01:27 - 00071536 _____ (Premium Installer ) C:\Users\Raider\Downloads\setup (8).exe
2014-10-19 01:24 - 2014-10-19 01:24 - 00071536 _____ (Premium Installer ) C:\Users\Raider\Downloads\setup (7).exe
2014-10-18 20:09 - 2014-10-19 20:35 - 00014893 _____ () C:\Users\Raider\Downloads\FRST.txt
2014-10-18 20:09 - 2014-10-19 20:35 - 00000000 ____D () C:\FRST
2014-10-18 20:09 - 2014-10-18 20:09 - 00027090 _____ () C:\Users\Raider\Downloads\Addition.txt
2014-10-18 20:07 - 2014-10-19 20:35 - 02112512 _____ (Farbar) C:\Users\Raider\Downloads\FRST64.exe
2014-10-18 19:58 - 2014-10-18 19:58 - 00071536 _____ (Premium Installer ) C:\Users\Raider\Downloads\setup (6).exe
2014-10-18 19:53 - 2014-10-18 19:53 - 00000222 _____ () C:\Users\Raider\Desktop\Blade Symphony.url
2014-10-18 17:03 - 2014-10-18 17:03 - 00071536 _____ (Premium Installer ) C:\Users\Raider\Downloads\setup (5).exe
2014-10-18 15:58 - 2014-10-18 15:58 - 00071536 _____ (Premium Installer ) C:\Users\Raider\Downloads\setup (4).exe
2014-10-18 05:27 - 2014-10-18 05:27 - 00071536 _____ (Premium Installer ) C:\Users\Raider\Downloads\setup (3).exe
2014-10-18 03:28 - 2014-10-18 03:28 - 00071536 _____ (Premium Installer ) C:\Users\Raider\Downloads\setup (2).exe
2014-10-18 01:09 - 2014-10-18 01:09 - 00071536 _____ (Premium Installer ) C:\Users\Raider\Downloads\setup (1).exe
2014-10-17 23:52 - 2014-10-17 23:52 - 00071536 _____ (Premium Installer ) C:\Users\Raider\Downloads\setup.exe
2014-10-16 21:11 - 2014-10-16 21:46 - 00000000 ____D () C:\Users\Raider\AppData\Local\The Witcher
2014-10-16 21:11 - 2014-10-16 21:11 - 00000000 ____D () C:\Users\Raider\Documents\The Witcher
2014-10-16 21:10 - 2014-10-16 21:10 - 00000000 ____D () C:\Users\Public\Documents\The Witcher
2014-10-15 03:29 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 03:29 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 03:29 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 03:29 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 03:29 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 03:29 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 03:29 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 03:29 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 03:29 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 03:29 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 03:29 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 03:29 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 03:29 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 03:29 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 03:29 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 03:29 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 03:29 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 03:29 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 03:29 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 03:29 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 03:29 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 03:29 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 03:29 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 03:29 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 03:29 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 03:29 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 03:29 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 03:29 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 03:29 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 03:29 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 03:29 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 03:29 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 03:29 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 03:29 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 03:29 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 03:29 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 03:29 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 03:29 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 03:29 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 03:29 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 03:29 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 03:29 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 03:29 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 03:29 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 03:29 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 03:29 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 03:29 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 03:29 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 03:29 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 03:29 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 03:29 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 03:29 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 03:29 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 03:29 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 03:29 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 03:29 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 03:29 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 03:29 - 2014-08-18 23:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 03:29 - 2014-08-18 23:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 03:29 - 2014-08-18 23:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 03:29 - 2014-08-18 23:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 03:29 - 2014-08-18 23:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 03:29 - 2014-08-18 23:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 03:29 - 2014-08-18 23:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 03:29 - 2014-08-18 23:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 03:29 - 2014-08-18 23:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 03:29 - 2014-08-18 23:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 03:29 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 03:29 - 2014-08-18 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 03:29 - 2014-08-18 22:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 03:29 - 2014-07-06 22:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 03:29 - 2014-07-06 22:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 03:29 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 03:29 - 2014-07-06 22:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 03:29 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 03:29 - 2014-07-06 22:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 03:29 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 03:29 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 03:29 - 2014-07-06 22:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 03:29 - 2014-07-06 22:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 03:29 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 03:29 - 2014-07-06 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 03:29 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 00516096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 03:29 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 03:29 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 03:29 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 03:29 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 03:29 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 03:29 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 03:29 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 03:29 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 03:29 - 2014-06-27 20:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 03:29 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 03:29 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 03:29 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 03:29 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 03:29 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 03:29 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 03:29 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 03:29 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 03:28 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 03:28 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 03:28 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 03:28 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 03:28 - 2014-07-16 22:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 03:28 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 03:28 - 2014-07-16 22:07 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 03:28 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 03:28 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 03:28 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 03:28 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 03:28 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 03:28 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 03:28 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 03:28 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 03:28 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 03:28 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 03:28 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 03:28 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 03:28 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 03:28 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 03:28 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-15 03:28 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-15 03:28 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-15 03:28 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-15 03:28 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-15 03:28 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-15 03:28 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-10-15 03:28 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-10-12 07:13 - 2014-10-12 07:13 - 00941272 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-10-12 07:13 - 2014-10-12 07:13 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 31512520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 17555104 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 16122344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-10-12 07:12 - 2014-10-12 07:12 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 02814656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-10-12 07:12 - 2014-10-12 07:12 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-10-11 19:41 - 2014-10-11 19:41 - 00000000 ____D () C:\Users\Raider\Documents\WB Games
2014-10-11 05:19 - 2014-10-11 05:19 - 00000222 _____ () C:\Users\Raider\Desktop\Middle-earth Shadow of Mordor.url
2014-10-11 05:19 - 2014-10-11 05:19 - 00000221 _____ () C:\Users\Raider\Desktop\The Witcher Enhanced Edition.url
2014-10-09 16:45 - 2014-10-09 16:46 - 00000000 ____D () C:\Users\Raider\Desktop\Top Gun (1986) [1080p]
2014-10-09 16:45 - 2014-10-09 16:46 - 00000000 ____D () C:\Users\Raider\Desktop\The.Departed.2006.1080p.BluRay.x264.anoXmous
2014-10-09 16:45 - 2014-10-09 16:45 - 00000000 ____D () C:\Users\Raider\Desktop\Now You See Me (2013)
2014-10-09 07:08 - 2014-10-09 07:08 - 00053616 _____ (Premium Installer ) C:\Users\Raider\Downloads\javaupdate_setup.exe
2014-10-09 07:08 - 2014-10-09 07:08 - 00053616 _____ (Premium Installer ) C:\Users\Raider\Downloads\javaupdate_setup (2).exe
2014-10-09 07:08 - 2014-10-09 07:08 - 00053616 _____ (Premium Installer ) C:\Users\Raider\Downloads\javaupdate_setup (1).exe
2014-10-08 12:57 - 2014-10-08 12:57 - 00398880 _____ () C:\Users\Raider\Downloads\FLVPlayer-Chrome.exe
2014-10-06 05:10 - 2014-10-06 05:15 - 00000000 ____D () C:\Users\Raider\AppData\Local\Turbine
2014-10-06 05:10 - 2014-10-06 05:12 - 00000000 ____D () C:\Users\Raider\AppData\Local\Akamai
2014-10-06 05:10 - 2014-10-06 05:10 - 00000000 ____D () C:\Users\Raider\Documents\The Lord of the Rings Online
2014-10-05 12:02 - 2014-10-05 12:02 - 00033795 _____ () C:\Users\Raider\Downloads\WRK_RESPEC_MOD_16 (2).dazip
2014-10-05 12:00 - 2014-10-05 12:00 - 00002283 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-10-05 12:00 - 2014-10-05 12:00 - 00002277 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-10-05 12:00 - 2014-10-05 12:00 - 00000000 ____D () C:\Users\Raider\AppData\Local\WinZip
2014-10-05 12:00 - 2014-10-05 12:00 - 00000000 ____D () C:\ProgramData\WinZip
2014-10-05 12:00 - 2014-10-05 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-10-05 12:00 - 2014-10-05 12:00 - 00000000 ____D () C:\Program Files\WinZip
2014-10-05 11:59 - 2014-10-05 11:59 - 00359459 _____ () C:\Users\Raider\Downloads\DAO-Modmanager_1_9d (1).7z
2014-10-05 11:58 - 2014-10-05 11:58 - 00873680 _____ ( ) C:\Users\Raider\Downloads\winzip185-cnet.exe
2014-10-05 11:57 - 2014-10-05 11:57 - 00359459 _____ () C:\Users\Raider\Downloads\DAO-Modmanager_1_9d.7z
2014-10-05 11:44 - 2014-10-05 11:44 - 00033795 _____ () C:\Users\Raider\Downloads\WRK_RESPEC_MOD_16 (1).dazip
2014-10-05 08:10 - 2014-10-05 08:10 - 00033795 _____ () C:\Users\Raider\Downloads\WRK_RESPEC_MOD_16.dazip
2014-10-05 08:06 - 2014-10-05 08:06 - 00033795 _____ () C:\Users\Raider\Downloads\Character Respec Mod v1_6-14.dazip
2014-10-03 06:17 - 2014-10-03 21:47 - 00000210 _____ () C:\Users\Raider\Desktop\The Lord of the Rings Online.url
2014-10-03 05:47 - 2014-10-03 05:47 - 00000222 _____ () C:\Users\Raider\Desktop\Fallen Earth.url
2014-09-23 04:48 - 2014-09-23 04:48 - 00000000 ____D () C:\SUPERDelete
2014-09-23 04:47 - 2014-09-23 04:47 - 00000000 ____D () C:\Users\Raider\AppData\Roaming\SUPERAntiSpyware.com
2014-09-23 04:28 - 2014-10-18 06:08 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-23 04:28 - 2014-10-08 01:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-09-23 04:28 - 2014-09-23 04:28 - 19496544 _____ (SUPERAntiSpyware) C:\Users\Raider\Downloads\SUPERAntiSpyware.exe
2014-09-23 04:28 - 2014-09-23 04:28 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-09-23 04:28 - 2014-09-23 04:28 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-09-19 06:52 - 2014-09-19 06:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-19 06:47 - 2014-09-19 06:47 - 00552648 _____ () C:\Windows\Minidump\091914-12682-01.dmp
2014-09-19 06:42 - 2014-09-19 06:47 - 00000000 ____D () C:\Windows\Minidump
2014-09-19 06:42 - 2014-09-19 06:42 - 00551848 _____ () C:\Windows\Minidump\091914-10982-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 20:35 - 2014-06-15 23:46 - 00000000 ____D () C:\Users\Raider\AppData\Roaming\Skype
2014-10-19 20:32 - 2014-06-13 01:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-19 20:19 - 2009-07-14 00:45 - 00016864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-19 20:19 - 2009-07-14 00:45 - 00016864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-19 19:51 - 2014-08-14 17:25 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-19 19:23 - 2009-07-14 01:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-19 19:22 - 2014-06-12 16:29 - 01632791 _____ () C:\Windows\WindowsUpdate.log
2014-10-19 19:19 - 2014-06-13 01:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-19 19:19 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-19 19:19 - 2009-07-14 00:51 - 00048621 _____ () C:\Windows\setupact.log
2014-10-16 21:11 - 2014-06-13 03:10 - 00341252 _____ () C:\Windows\DirectX.log
2014-10-16 06:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 04:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-16 03:39 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 03:39 - 2009-07-14 00:45 - 00263728 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 03:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 03:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-13 03:12 - 2014-06-13 04:31 - 00000000 ____D () C:\Users\Raider\AppData\Roaming\uTorrent
2014-10-12 07:13 - 2014-06-13 01:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-12 07:13 - 2014-06-13 00:54 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-10-12 07:12 - 2014-06-13 01:08 - 18626304 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-10-12 07:12 - 2014-06-13 01:08 - 14498552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-10-12 07:12 - 2014-06-13 01:08 - 03196816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-10-12 07:12 - 2014-06-13 01:08 - 00965312 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-10-12 07:12 - 2014-06-13 01:08 - 00026353 _____ () C:\Windows\system32\nvinfo.pb
2014-10-12 07:12 - 2014-06-13 01:08 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-10-11 05:20 - 2014-06-14 12:58 - 00000000 ____D () C:\Users\Raider\AppData\Roaming\vlc
2014-10-10 03:32 - 2010-11-20 23:47 - 00074924 _____ () C:\Windows\PFRO.log
2014-10-07 15:00 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Performance
2014-10-07 14:58 - 2014-08-31 11:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-24 05:00 - 2014-06-13 01:40 - 00000222 _____ () C:\Users\Raider\Desktop\DayZ.url
2014-09-23 04:48 - 2014-06-13 01:04 - 00000000 ____D () C:\Users\Raider\AppData\Roaming\IObit
2014-09-22 02:42 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-19 06:52 - 2014-06-15 23:46 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-19 06:52 - 2014-06-15 23:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-19 06:52 - 2014-06-15 23:46 - 00000000 ____D () C:\ProgramData\Skype
2014-09-19 06:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\LiveKernelReports

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 00:39

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01
Ran by Raider at 2014-10-18 20:09:46
Running from C:\Users\Raider\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.31745 - BitTorrent Inc.)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Belkin N750 Dual Band Wireless USB Adapter (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.11.0 - Belkin International, Inc.)
Blade Symphony (HKLM-x32\...\Steam App 225600) (Version:  - Puny Human)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome LLC)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.5 - IObit)
Elsword (HKLM-x32\...\Steam App 237310) (Version:  - KOG)
Fallen Earth (HKLM-x32\...\Steam App 113420) (Version:  - Reloaded Productions)
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
From Dust (HKLM-x32\...\Steam App 33460) (Version:  - Ubisoft Montpellier)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version:  - BioWare)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
NVIDIA Control Panel 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Install Application (Version: 2.1002.154.1150 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Reus (HKLM-x32\...\Steam App 222730) (Version:  - Abbey Games)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Starcraft (HKLM-x32\...\Starcraft) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Lord of the Rings Online™ (HKLM-x32\...\Steam App 212500) (Version:  - Turbine, Inc.)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
Toy Soldiers (HKLM-x32\...\Steam App 98300) (Version:  - Signal Studios)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

18-10-2014 06:40:40 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1363AA9C-756D-4061-8D96-139C46C6FA46} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {33FFFE97-0858-411A-89F1-D81F2C7C35CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {5DE0CBDA-E04B-4E4D-80FB-0748A0FE4D1B} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-08-01] (IObit)
Task: {6529B6B9-AFB4-4513-A491-B95517543BCA} - System32\Tasks\Driver Booster SkipUAC (Raider) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-08-06] (IObit)
Task: {B9752AA1-851E-4840-B611-A38217C82998} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-13 01:08 - 2014-07-02 14:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-13 00:52 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-08-30 11:14 - 2014-08-21 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-30 11:14 - 2014-08-21 14:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-30 11:14 - 2014-08-21 14:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-14 17:29 - 2014-09-03 15:28 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-08-14 17:29 - 2014-09-23 00:32 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-30 11:14 - 2014-08-21 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-30 11:14 - 2014-08-21 14:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-08-14 17:29 - 2014-09-23 00:32 - 00679616 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-08-14 17:29 - 2014-09-04 19:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-14 17:29 - 2014-09-04 19:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-08-15 03:44 - 2014-08-06 23:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-15 03:44 - 2014-08-06 23:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-15 03:44 - 2014-08-06 23:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-15 03:44 - 2014-08-06 23:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-15 03:44 - 2014-08-06 23:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-15 03:44 - 2014-08-06 23:20 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-571711918-3469745088-2136342978-500 - Administrator - Disabled)
Guest (S-1-5-21-571711918-3469745088-2136342978-501 - Limited - Disabled)
Raider (S-1-5-21-571711918-3469745088-2136342978-1000 - Administrator - Enabled) => C:\Users\Raider

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2014 02:06:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2014 04:40:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program League of Legends.exe version 4.18.0.274 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11f4

Start Time: 01cfe91cd01775b2

Termination Time: 7

Application Path: E:\Games\LeagueofLegends\RADS\solutions\lol_game_client_sln\releases\0.0.1.60\deploy\League of Legends.exe

Report Id:

Error: (10/16/2014 04:40:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program League of Legends.exe version 4.18.0.274 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1004

Start Time: 01cfe91afb3c73f7

Termination Time: 96

Application Path: E:\Games\LeagueofLegends\RADS\solutions\lol_game_client_sln\releases\0.0.1.60\deploy\League of Legends.exe

Report Id:

Error: (10/16/2014 03:41:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 08:16:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShadowOfMordor.exe, version: 1.0.1636.21, time stamp: 0x54333a86
Faulting module name: ShadowOfMordor.exe, version: 1.0.1636.21, time stamp: 0x54333a86
Exception code: 0xc0000005
Fault offset: 0x00000000003ef1f6
Faulting process id: 0x964
Faulting application start time: 0xShadowOfMordor.exe0
Faulting application path: ShadowOfMordor.exe1
Faulting module path: ShadowOfMordor.exe2
Report Id: ShadowOfMordor.exe3

Error: (10/12/2014 08:04:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShadowOfMordor.exe, version: 1.0.1636.21, time stamp: 0x54333a86
Faulting module name: ShadowOfMordor.exe, version: 1.0.1636.21, time stamp: 0x54333a86
Exception code: 0xc0000005
Fault offset: 0x00000000003ef1f6
Faulting process id: 0xd84
Faulting application start time: 0xShadowOfMordor.exe0
Faulting application path: ShadowOfMordor.exe1
Faulting module path: ShadowOfMordor.exe2
Report Id: ShadowOfMordor.exe3

Error: (10/12/2014 07:22:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShadowOfMordor.exe, version: 1.0.1636.21, time stamp: 0x54333a86
Faulting module name: ShadowOfMordor.exe, version: 1.0.1636.21, time stamp: 0x54333a86
Exception code: 0xc0000005
Fault offset: 0x00000000003ef1f6
Faulting process id: 0x1bc
Faulting application start time: 0xShadowOfMordor.exe0
Faulting application path: ShadowOfMordor.exe1
Faulting module path: ShadowOfMordor.exe2
Report Id: ShadowOfMordor.exe3

Error: (10/12/2014 07:07:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShadowOfMordor.exe, version: 1.0.1636.21, time stamp: 0x54333a86
Faulting module name: ShadowOfMordor.exe, version: 1.0.1636.21, time stamp: 0x54333a86
Exception code: 0xc0000005
Fault offset: 0x00000000003ef1f6
Faulting process id: 0x10a4
Faulting application start time: 0xShadowOfMordor.exe0
Faulting application path: ShadowOfMordor.exe1
Faulting module path: ShadowOfMordor.exe2
Report Id: ShadowOfMordor.exe3

Error: (10/12/2014 07:04:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 07:01:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShadowOfMordor.exe, version: 1.0.1636.21, time stamp: 0x54333a86
Faulting module name: ShadowOfMordor.exe, version: 1.0.1636.21, time stamp: 0x54333a86
Exception code: 0xc0000005
Fault offset: 0x00000000003ef1f6
Faulting process id: 0x1010
Faulting application start time: 0xShadowOfMordor.exe0
Faulting application path: ShadowOfMordor.exe1
Faulting module path: ShadowOfMordor.exe2
Report Id: ShadowOfMordor.exe3

System errors:
=============
Error: (10/18/2014 02:41:03 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "RAIDER-PC      :20" could not be registered on the interface with IP address 10.3.16.229.
The computer with the IP address 10.3.18.192 did not allow the name to be claimed by
this computer.

Error: (10/18/2014 02:41:03 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "RAIDER-PC      :0" could not be registered on the interface with IP address 10.3.16.229.
The computer with the IP address 10.3.18.192 did not allow the name to be claimed by
this computer.

Error: (10/18/2014 02:41:03 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{C4090202-5E12-4012-A7B7-A93E66960A8F} because another computer on the network has the same name.  The server could not start.

Error: (10/17/2014 09:14:39 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "RAIDER-PC      :20" could not be registered on the interface with IP address 10.3.16.229.
The computer with the IP address 10.3.18.192 did not allow the name to be claimed by
this computer.

Error: (10/17/2014 09:14:39 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "RAIDER-PC      :0" could not be registered on the interface with IP address 10.3.16.229.
The computer with the IP address 10.3.18.192 did not allow the name to be claimed by
this computer.

Error: (10/17/2014 09:14:39 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{C4090202-5E12-4012-A7B7-A93E66960A8F} because another computer on the network has the same name.  The server could not start.

Error: (10/17/2014 08:12:35 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/17/2014 02:07:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (10/17/2014 02:05:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/17/2014 02:04:59 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:41:11 AM on ‎10/‎17/‎2014 was unexpected.

Microsoft Office Sessions:
=========================
Error: (10/17/2014 02:06:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2014 04:40:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: League of Legends.exe4.18.0.27411f401cfe91cd01775b27E:\Games\LeagueofLegends\RADS\solutions\lol_game_client_sln\releases\0.0.1.60\deploy\League of Legends.exe

Error: (10/16/2014 04:40:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: League of Legends.exe4.18.0.274100401cfe91afb3c73f796E:\Games\LeagueofLegends\RADS\solutions\lol_game_client_sln\releases\0.0.1.60\deploy\League of Legends.exe

Error: (10/16/2014 03:41:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 08:16:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ShadowOfMordor.exe1.0.1636.2154333a86ShadowOfMordor.exe1.0.1636.2154333a86c000000500000000003ef1f696401cfe61576d1a928E:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exeE:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe896a8a23-5209-11e4-ac1a-e03f496da605

Error: (10/12/2014 08:04:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ShadowOfMordor.exe1.0.1636.2154333a86ShadowOfMordor.exe1.0.1636.2154333a86c000000500000000003ef1f6d8401cfe60fbeea276fE:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exeE:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exee36a8991-5207-11e4-ac1a-e03f496da605

Error: (10/12/2014 07:22:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ShadowOfMordor.exe1.0.1636.2154333a86ShadowOfMordor.exe1.0.1636.2154333a86c000000500000000003ef1f61bc01cfe60da9177454E:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exeE:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe08f435f8-5202-11e4-ac1a-e03f496da605

Error: (10/12/2014 07:07:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ShadowOfMordor.exe1.0.1636.2154333a86ShadowOfMordor.exe1.0.1636.2154333a86c000000500000000003ef1f610a401cfe60c1b2b393bE:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exeE:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exef3803d9e-51ff-11e4-ac1a-e03f496da605

Error: (10/12/2014 07:04:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 07:01:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ShadowOfMordor.exe1.0.1636.2154333a86ShadowOfMordor.exe1.0.1636.2154333a86c000000500000000003ef1f6101001cfe60713d29b11E:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exeE:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe1be7d2ab-51ff-11e4-9a7f-e03f496da605

==================== Memory info ===========================

Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 35%
Total physical RAM: 8134.48 MB
Available physical RAM: 5249.86 MB
Total Pagefile: 16267.14 MB
Available Pagefile: 12719.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.9 GB) (Free:5.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive e: () (Fixed) (Total:1397.16 GB) (Free:979.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: E3557EAC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1397.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 0D57FD50)
Partition 1: (Active) - (Size=55.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================





#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:39 PM

Posted 24 October 2014 - 08:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/552586 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,158 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:08:39 AM

Posted 25 October 2014 - 10:29 AM

Hello Levaus and welcome to BleepingComputer!        :)

 

My name is Sirawit and I'm here to help you.

 

Please note that I'm currently in training and my fixes need to be checked for approval first, which may delay our fix a bit, but I will normally reply back in 24 hours.

 

If I don't reply after 2 days, feel free to PM me.        :)

==========================================================================

Some points for you to keep in mind:

  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

 

I'm currently waiting for the instructor to approve my next step of fixing, please wait a bit. I will reply back to you as soon as possible.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#4 Sirawit


Posted 26 October 2014 - 12:26 AM

Hi Levaus.

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

-------------------

Thank you.




#5 Levaus


Posted 26 October 2014 - 01:47 AM

# AdwCleaner v4.001 - Report created 26/10/2014 at 02:42:22
# Updated 20/10/2014 by Xplode
# Database : 2014-10-23.2
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Raider - RAIDER-PC
# Running from : C:\Users\Raider\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\PRiccEEchop
Folder Found : C:\ProgramData\PRiccEEchop
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\binffihnpapgdedfocgmndmlhjjfeijl
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\binffihnpapgdedfocgmndmlhjjfeijl
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\binffihnpapgdedfocgmndmlhjjfeijl
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncalfdffpijdjigbjpjihedbdmjnfndl
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncalfdffpijdjigbjpjihedbdmjnfndl
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\olpfjpgcmpilpgbkaobhjebdedloanbk
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\olpfjpgcmpilpgbkaobhjebdedloanbk
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\olpfjpgcmpilpgbkaobhjebdedloanbk
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\olpfjpgcmpilpgbkaobhjebdedloanbk
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Derek\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\binffihnpapgdedfocgmndmlhjjfeijl
Folder Found : C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\binffihnpapgdedfocgmndmlhjjfeijl
Folder Found : C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\binffihnpapgdedfocgmndmlhjjfeijl
Folder Found : C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\olpfjpgcmpilpgbkaobhjebdedloanbk
Folder Found : C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\olpfjpgcmpilpgbkaobhjebdedloanbk
Folder Found : C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\olpfjpgcmpilpgbkaobhjebdedloanbk
Folder Found : C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\olpfjpgcmpilpgbkaobhjebdedloanbk
Folder Found : C:\Users\Derek\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\binffihnpapgdedfocgmndmlhjjfeijl
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\binffihnpapgdedfocgmndmlhjjfeijl
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\binffihnpapgdedfocgmndmlhjjfeijl
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncalfdffpijdjigbjpjihedbdmjnfndl
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncalfdffpijdjigbjpjihedbdmjnfndl
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\olpfjpgcmpilpgbkaobhjebdedloanbk
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\olpfjpgcmpilpgbkaobhjebdedloanbk
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\olpfjpgcmpilpgbkaobhjebdedloanbk
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\olpfjpgcmpilpgbkaobhjebdedloanbk
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\Raider\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Raider\AppData\Local\Google\Chrome\User Data\Default\Extensions\olpfjpgcmpilpgbkaobhjebdedloanbk
Folder Found : C:\Users\Raider\AppData\Local\Google\Chrome\User Data\Default\Extensions\olpfjpgcmpilpgbkaobhjebdedloanbk
Folder Found : C:\Users\Raider\AppData\Local\Google\Chrome\User Data\Default\Extensions\olpfjpgcmpilpgbkaobhjebdedloanbk
Folder Found : C:\Users\Raider\AppData\Local\Google\Chrome\User Data\Default\Extensions\olpfjpgcmpilpgbkaobhjebdedloanbk
Folder Found : C:\Users\Raider\AppData\Local\torch
Folder Found : C:\Users\Raider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
 
***** [ Scheduled Tasks ] *****
 
Task Found : Driver Booster Scan
Task Found : LaunchSignup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Key Found : HKCU\Software\RegisteredApplicationsEx
Key Found : HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Key Found : [x64] HKCU\Software\RegisteredApplicationsEx
Key Found : [x64] HKCU\Software\SmartBar
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Google Chrome v36.0.1985.143
 
 
*************************
 
AdwCleaner[R0].txt - [7085 octets] - [26/10/2014 02:42:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7145 octets] ##########


#6 Sirawit


Posted 26 October 2014 - 08:34 AM

Hi Levaus.

 

Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator

  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

After you have finished running AdwCleaner, please create a new FRST log again.

 

Also, do the problems still appear?

 

Thank you.


Edited by Sirawit, 26 October 2014 - 08:35 AM.



#7 Sirawit


Posted 29 October 2014 - 12:21 AM

It has been three days since my last reply; are you still there?

 

Thank you.




#8 Levaus


Posted 29 October 2014 - 11:41 PM

I ran the clean. I am still having this problem.

 

And now I am not getting any logs.



#9 Sirawit


Posted 29 October 2014 - 11:53 PM

Hi Levaus.

 

Can you check the C:\adwcleaner folder? Do you see the adwcleaner[S0].txt file in there? If you find it, post its contents here.

 

Thank you.




#10 Levaus


Posted 30 October 2014 - 12:01 AM

# AdwCleaner v4.001 - Report created 26/10/2014 at 02:42:22
# Updated 20/10/2014 by Xplode
# Database : 2014-10-23.2
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Raider - RAIDER-PC
# Running from : C:\Users\Raider\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Google Chrome v36.0.1985.143
 
 
*************************
 
AdwCleaner[R0].txt - [7085 octets] - [26/10/2014 02:42:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7145 octets] ##########


#11 Sirawit


Posted 30 October 2014 - 07:51 AM

Hi Levaus.

 

This is adwcleaner[R0].txt. Can you check for adwcleaner[S0].txt?

 

Thank you.




#12 Levaus


Posted 31 October 2014 - 12:20 AM

# AdwCleaner v4.001 - Report created 30/10/2014 at 00:34:23
# DB v2014-10-26.6
# Updated 20/10/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Raider - RAIDER-PC
# Running from : C:\Users\Raider\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Google Chrome v36.0.1985.143
 
 
*************************
 
AdwCleaner[R0].txt - [7257 octets] - [26/10/2014 02:42:22]
AdwCleaner[R1].txt - [3669 octets] - [30/10/2014 00:33:41]
AdwCleaner[S0].txt - [3261 octets] - [30/10/2014 00:34:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3321 octets] ##########


#13 Sirawit


Posted 31 October 2014 - 01:55 PM

Hi Levaus.

 

OK, this is the correct one, and it looks good.

Now we need to reinstall your Google Chrome.

First, if you have any bookmarks you want to save, in Google Chrome press Ctrl + Shift + O, then go to Organize > Export Bookmarks to HTML file... and save the HTML file on your desktop.

After that, download a new installer from here and save it to your desktop: http://www.google.com/chrome/

Then, go to Control Panel > Programs and Features, select Google Chrome and press Uninstall. When the Uninstall Google Chrome dialog box appears, check the box Also delete your browsing data? and press Uninstall.

After Google Chrome has been uninstalled, right-click on the installer you downloaded and select Run as Administrator, then follow the prompts to install the new Google Chrome. Please uncheck any additional offers in the installation.

To import your bookmarks back in, press Ctrl + Shift + O, go to Organize > Import bookmarks from HTML file... and select the HTML file you saved before.

After you have finished the above steps, please post a new FRST log file for me.

 

Thank you.




#14 Sirawit


Posted 04 November 2014 - 04:05 AM

It has been over three days since my last reply. Are you still there?

 

Thank you.




#15 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:39 AM

Posted 08 November 2014 - 03:46 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware



