
dllhost.exe com surrogate - It strikes again


  • This topic is locked
18 replies to this topic

#1 Art_Stealer12

Art_Stealer12

  • Members
  • 25 posts
  • OFFLINE
  • Local time:01:39 PM

Posted 23 October 2014 - 08:16 PM

Hello Moderators,

 

dllhost.exe COM Surrogate entries have been popping up in my Task Manager. The screen will temporarily load something that isn't really there and do nothing but eject me from full screen back to the desktop. The dllhost.exe*32 keeps multiplying on me. I don't know if these two issues are the same: the loading that forces me back to my desktop from full-screen windows, and the dllhost.exe*32 surrogate processes.

 

I am fairly average with my computer knowledge and have been stuck with this problem for a few days. After reading a few of the other forum threads, it looks like rewriting the registry key solves most of the issues.

 

Thank you for your time

 

Art_Stealer12





#2 Art_Stealer12

Art_Stealer12
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:01:39 PM

Posted 25 October 2014 - 08:25 AM

DDS log posted and file attached.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by Andy at 6:20:50 on 2014-10-25
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16335.13251 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_189_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: {7FE9ACCB-ECAC-6647-73E7-F010C66217C7} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1278C0D4-54DC-46F6-9FE8-18449EE845F4} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1278C0D4-54DC-46F6-9FE8-18449EE845F4}\348627F6D6563616374743137383 : DHCPNameServer = 192.168.255.249
TCP: Interfaces\{821E863F-348F-45AA-8E43-19DD904B28D1} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-11 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-4-11 224896]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-3-30 19264]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-9-29 19600]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2012-9-16 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-9-16 427360]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-3-12 240128]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-30 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-9-16 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-29 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-8 50344]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-30 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-3-12 190120]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-3-30 161560]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-5-4 25824]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-7-9 231752]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 125584]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-5-29 1141848]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-10-22 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-10-22 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-10-22 171928]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-3-30 363800]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-12-19 94720]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-3-30 357184]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-3-30 789824]
R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2008-1-17 18816]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-10-22 2283296]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-24 111616]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-12-15 351392]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-12-15 4862368]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-10-22 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-18 1255736]
S4 RalinkRegistryWriter;RalinkRegistryWriter;C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [2012-9-4 377088]
S4 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [2012-9-4 455424]
S4 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
S4 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
.
=============== Created Last 30 ================
.
2014-10-24 23:27:10 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-10-24 17:05:37 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-24 17:05:37 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-24 16:27:29 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-10-24 15:25:04 87200 ----a-w- C:\ProgramData\wrnhoah.tmp
2014-10-24 15:22:15 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5B33050B-D187-41D2-8B57-017E18DDE2AD}\mpengine.dll
2014-10-24 01:20:24 -------- d-----w- C:\FRST
2014-10-24 00:27:31 -------- d-----w- C:\ProgramData\IObit
2014-10-23 13:18:19 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-10-23 13:18:18 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-23 05:52:29 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-10-23 05:52:28 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-10-23 05:52:15 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-23 05:47:08 -------- d-----w- C:\Users\Andy\AppData\Roaming\ProductData
2014-10-23 05:46:03 34080 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2014-10-23 05:45:40 128288 ----a-w- C:\Windows\System32\IObitSmartDefragExtension.dll
2014-10-23 05:09:55 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-10-23 04:33:55 -------- d-----w- C:\ProgramData\Glyph
2014-10-23 04:30:34 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-22 17:47:57 -------- d-----w- C:\Users\Andy\AppData\Local\Razer_Inc
2014-10-22 17:43:07 -------- d-sh--w- C:\Jumpshot
2014-10-22 17:42:21 -------- d-----w- C:\Windows\jumpshot.com
2014-10-22 14:18:23 -------- d-----w- C:\Users\Andy\AppData\Local\CrashDumps
2014-10-21 02:59:51 -------- d-----w- C:\ArcheAge
2014-10-20 14:38:57 -------- d-----w- C:\Users\Andy\AppData\Local\Glyph
2014-10-20 05:58:25 -------- d-----w- C:\AdwCleaner
2014-10-16 13:20:12 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-16 13:20:08 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-16 13:20:08 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-10-16 13:20:08 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-16 13:20:08 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-10-16 13:20:06 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-10-16 13:20:06 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-10-16 13:20:03 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-16 13:20:02 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-16 13:20:02 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-16 13:18:57 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-16 13:18:57 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-04 14:56:15 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-04 14:56:15 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-04 14:56:15 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-02 04:40:38 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5BD0560C-6A5A-4632-9247-69F7ED0D041B}\gapaengine(19).dll
2014-10-02 04:40:38 1188440 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5BD0560C-6A5A-4632-9247-69F7ED0D041B}\gapaengine.dll
2014-10-01 13:04:39 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-10-01 13:04:39 371712 ----a-w- C:\Windows\System32\qdvd.dll
.
==================== Find3M  ====================
.
2014-10-18 20:52:04 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-24 01:01:03 3675824 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
.
============= FINISH:  6:21:55.25 ===============
 



#3 Art_Stealer12

Art_Stealer12
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:01:39 PM

Posted 25 October 2014 - 08:28 AM

Attached the file to this reply. Didn't see the attach function in the quick reply.




#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:39 PM

Posted 26 October 2014 - 10:35 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction, or add/remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Harm no one; rather, help everyone as much as you can. Arthur Schopenhauer

#5 Art_Stealer12

Art_Stealer12
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:01:39 PM

Posted 26 October 2014 - 12:49 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014
Ran by Andy (administrator) on ANDY-PC on 26-10-2014 10:46:02
Running from C:\Users\Andy\Desktop
Loaded Profile: Andy (Available profiles: Andy)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-29] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1765128062-2206046262-241672328-1000\...\Run: [Google Update] => C:\Users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-13] (Google Inc.)
HKU\S-1-5-21-1765128062-2206046262-241672328-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1765128062-2206046262-241672328-1000\...\MountPoints2: D - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-1765128062-2206046262-241672328-1000\...\MountPoints2: {7ebf36d4-45a9-11e3-b802-3085a99a8ba7} - E:\TLBootstrap_WPP.exe
HKU\S-1-5-21-1765128062-2206046262-241672328-1000\...\MountPoints2: {b9735f25-006f-11e2-901a-806e6f6e6963} - D:\Special_Offers_from_SPHE_PC.exe
HKU\S-1-5-21-1765128062-2206046262-241672328-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U218DHP&pc=U218
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {EB31F79C-23A7-4DDB-9FDC-9FC503F1261B} URL = http://search.conduit.com/Results.aspx?ctid=CT3304763&SearchSource=45&UM=2&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {7FE9ACCB-ECAC-6647-73E7-F010C66217C7} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Andy\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Andy\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-16]
FF HKCU\...\Firefox\Extensions: [uc@uc.com] - C:\Program Files (x86)\Unfriend Checker\FF

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=U142&ocid=U142DHP
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=U142&ocid=U142DHP", "hxxp://www.google.com/"
CHR Profile: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Google Cast) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-10-11]
CHR Extension: (Google Wallet) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-08]
CHR HKLM-x32\...\Chrome\Extension: [kpkbnefaikfaeadgidhpoanckoiaheli] - C:\Program Files (x86)\HDvidCodec.com\HDvidCodec10.crx [2014-07-08]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2014-07-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-08] (AVAST Software)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2283296 2014-10-22] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-07-09] (NETGEAR)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S4 RalinkRegistryWriter; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [377088 2012-09-04] (Ralink Technology, Corp.)
S4 RalinkRegistryWriter64; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [455424 2012-09-04] (Ralink Technology, Corp.)
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-02] (RealNetworks, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-08] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-08] ()
R3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2012-10-27] (CACE Technologies, Inc.)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-26 10:46 - 2014-10-26 10:46 - 00013514 _____ () C:\Users\Andy\Desktop\FRST.txt
2014-10-26 10:45 - 2014-10-26 10:45 - 02113024 _____ (Farbar) C:\Users\Andy\Desktop\FRST64.exe
2014-10-26 10:40 - 2014-10-26 10:40 - 00028180 _____ () C:\Users\Andy\Desktop\[Hiryuu] Madan no Ou to Vanadis - 04 [720p H264 AAC][A4458997].mkv.1.torrent
2014-10-25 06:22 - 2014-10-25 06:22 - 00016783 _____ () C:\Users\Andy\Desktop\attach.txt
2014-10-25 06:22 - 2014-10-25 06:21 - 00016499 _____ () C:\Users\Andy\Desktop\dds.txt
2014-10-25 06:19 - 2014-10-25 06:19 - 00688992 ____R (Swearware) C:\Users\Andy\Desktop\dds.com
2014-10-24 16:27 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-24 16:13 - 2014-10-24 16:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-24 16:13 - 2014-10-24 16:13 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-24 16:13 - 2014-10-24 16:13 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-24 16:13 - 2014-10-24 16:13 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-10-24 16:13 - 2014-10-24 16:13 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-10-24 16:13 - 2014-10-24 16:13 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-24 16:13 - 2014-10-24 16:13 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-10-24 16:13 - 2014-10-24 16:13 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-10-24 16:13 - 2014-10-24 16:13 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-10-24 16:13 - 2014-10-24 16:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-24 10:05 - 2014-10-24 10:05 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-24 10:05 - 2014-10-24 10:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-24 09:32 - 2014-10-24 09:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-24 09:32 - 2014-10-24 09:32 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-24 09:31 - 2014-10-25 22:22 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-24 09:31 - 2014-10-24 09:31 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-24 09:27 - 2014-10-24 09:27 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-24 09:27 - 2014-10-24 09:27 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-24 09:27 - 2014-10-24 09:27 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-10-24 09:27 - 2014-10-24 09:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-24 09:27 - 2014-10-24 09:27 - 00000000 ____D () C:\Program Files\Java
2014-10-24 09:21 - 2014-10-26 06:11 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FFDDFA84-C621-4CBB-85D7-DD5F35A23CBB}
2014-10-24 09:13 - 2014-10-24 16:15 - 00025958 _____ () C:\Windows\IE11_main.log
2014-10-24 09:12 - 2014-10-24 09:12 - 00001369 _____ () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-24 08:57 - 2014-10-26 10:31 - 00000560 _____ () C:\Windows\setupact.log
2014-10-24 08:57 - 2014-10-24 08:57 - 00001614 _____ () C:\Windows\PFRO.log
2014-10-24 08:57 - 2014-10-24 08:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-24 08:25 - 2014-10-24 08:53 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp
2014-10-24 08:23 - 2014-10-24 08:23 - 00000944 ____H () C:\ProgramData\@system2.att
2014-10-24 08:23 - 2014-10-24 08:23 - 00000448 ____H () C:\Users\Andy\AppData\Roaming\麽鎒駓覜
2014-10-23 18:20 - 2014-10-26 10:46 - 00000000 ____D () C:\FRST
2014-10-23 17:27 - 2014-10-23 17:27 - 00000000 ____D () C:\ProgramData\IObit
2014-10-23 06:18 - 2014-09-04 19:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-23 06:18 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-22 22:52 - 2014-10-22 23:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-22 22:52 - 2014-10-22 22:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-22 22:52 - 2014-10-22 22:52 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-22 22:52 - 2014-10-22 22:52 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-10-22 22:52 - 2014-10-22 22:52 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-10-22 22:52 - 2014-10-22 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-22 22:52 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-10-22 22:47 - 2014-10-22 22:47 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-10-22 22:47 - 2014-10-22 22:47 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\ProductData
2014-10-22 22:46 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2014-10-22 22:45 - 2014-10-22 22:45 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-10-22 22:45 - 2014-06-04 15:17 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2014-10-22 22:20 - 2014-10-23 07:04 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1765128062-2206046262-241672328-1000
2014-10-22 21:33 - 2014-10-22 21:33 - 00000000 ____D () C:\ProgramData\Glyph
2014-10-22 10:47 - 2014-10-22 10:47 - 00000000 ____D () C:\Users\Andy\AppData\Local\Razer_Inc
2014-10-22 10:47 - 2014-10-22 10:47 - 00000000 ____D () C:\ProgramData\Razer
2014-10-22 10:46 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-10-22 10:46 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-10-22 10:46 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-10-22 10:46 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-10-22 10:46 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-10-22 10:46 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-22 10:46 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-10-22 10:46 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-10-22 10:46 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-10-22 10:46 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-10-22 10:46 - 2013-10-01 17:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-10-22 10:46 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-10-22 10:46 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-22 10:46 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-22 10:46 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-10-22 10:46 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-22 10:43 - 2014-10-22 08:27 - 00000000 __SHD () C:\Jumpshot
2014-10-22 10:42 - 2014-10-22 18:49 - 00000000 ____D () C:\Windows\jumpshot.com
2014-10-22 10:39 - 2014-10-22 21:19 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1765128062-2206046262-241672328-1000
2014-10-22 10:39 - 2014-10-22 21:19 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1765128062-2206046262-241672328-1000
2014-10-22 08:10 - 2014-10-26 10:40 - 00007632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-22 08:10 - 2014-10-26 10:40 - 00007632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-22 07:18 - 2014-10-24 08:54 - 00000000 ____D () C:\Users\Andy\AppData\Local\CrashDumps
2014-10-21 19:49 - 2014-10-24 08:22 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-20 19:59 - 2014-10-22 10:17 - 00000000 ____D () C:\Users\Andy\Documents\ArcheAge
2014-10-20 19:59 - 2014-10-20 19:59 - 00000000 ____D () C:\ArcheAge
2014-10-20 07:38 - 2014-10-22 22:49 - 00000000 ____D () C:\Users\Andy\AppData\Local\Glyph
2014-10-19 22:58 - 2014-10-19 22:59 - 00000000 ____D () C:\AdwCleaner
2014-10-16 06:20 - 2014-10-09 19:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 06:20 - 2014-10-09 19:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 06:20 - 2014-10-09 19:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 06:20 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 06:20 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 06:20 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 06:20 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 06:20 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 06:20 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 06:20 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 06:19 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 06:19 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 06:19 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 06:19 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 06:19 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 06:19 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 06:19 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 06:19 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 06:19 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 06:19 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 06:19 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 06:19 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 06:19 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 06:19 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 06:19 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 06:18 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 06:18 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-07 06:34 - 2014-10-07 06:34 - 00015312 ____N () C:\Users\Andy\Desktop\[Hatsuyuki]_Maken-Ki!_[1280x720_x264_AAC].torrent
2014-10-04 07:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-04 07:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-04 07:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-01 06:04 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 06:04 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-26 10:44 - 2012-01-01 15:06 - 00000000 ____D () C:\BTGUARD
2014-10-26 10:36 - 2012-09-16 19:34 - 01775287 _____ () C:\Windows\WindowsUpdate.log
2014-10-26 10:35 - 2014-03-05 18:25 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1765128062-2206046262-241672328-1000UA.job
2014-10-26 10:35 - 2012-09-16 20:36 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-26 10:31 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-26 08:04 - 2014-08-16 23:08 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\vlc
2014-10-26 07:30 - 2012-09-16 20:36 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-26 06:40 - 2008-11-02 16:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-25 06:09 - 2012-09-16 20:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-24 19:07 - 2012-09-16 22:36 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Skype
2014-10-24 18:35 - 2014-03-05 18:25 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1765128062-2206046262-241672328-1000Core.job
2014-10-24 16:15 - 2012-09-16 20:30 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-10-24 16:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-24 15:26 - 2014-03-09 16:33 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Media Player Classic
2014-10-24 10:15 - 2014-04-16 07:25 - 00000000 ____D () C:\Program Files (x86)\Zenimax Online
2014-10-24 10:15 - 2012-09-16 20:24 - 00000000 ____D () C:\Users\Andy
2014-10-24 10:05 - 2014-06-15 07:56 - 00000000 ____D () C:\Users\Andy\AppData\Local\Adobe
2014-10-24 09:27 - 2012-12-05 17:34 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-24 09:12 - 2012-09-16 20:25 - 00001443 _____ () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-24 09:11 - 2012-09-16 20:30 - 00000000 ____D () C:\Windows\Panther
2014-10-24 08:32 - 2012-09-16 20:38 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-23 20:19 - 2014-07-20 13:38 - 00000000 ____D () C:\Users\Andy\AppData\Local\Deployment
2014-10-23 20:18 - 2012-09-18 06:25 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Real
2014-10-23 20:18 - 2012-09-18 06:23 - 00000000 ____D () C:\ProgramData\Real
2014-10-23 20:18 - 2010-01-22 18:54 - 00000000 ____D () C:\Program Files (x86)\Real
2014-10-23 07:04 - 2014-09-02 03:59 - 00003222 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1765128062-2206046262-241672328-1000
2014-10-22 22:48 - 2010-11-11 09:16 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-10-22 22:45 - 2012-11-25 09:29 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\IObit
2014-10-22 22:45 - 2012-09-18 06:19 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Apple Computer
2014-10-22 22:24 - 2009-07-13 22:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-22 21:33 - 2012-09-16 20:36 - 00000000 ____D () C:\Users\Andy\AppData\Local\Google
2014-10-22 21:31 - 2013-12-01 17:08 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\BitTorrent Sync
2014-10-22 15:26 - 2012-09-16 20:24 - 08912896 ___SH () C:\Users\Andy\.ghost-ntfs-3g-00000000000000000009
2014-10-22 15:26 - 2009-07-13 19:34 - 78905344 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000001
2014-10-22 15:26 - 2009-07-13 19:34 - 22020096 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000003
2014-10-22 15:21 - 2011-02-10 09:45 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-10-22 15:20 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-22 10:40 - 2012-10-05 07:43 - 00001926 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-22 10:29 - 2013-02-08 12:24 - 00000000 ____D () C:\Users\Andy\AppData\Local\SwvUpdater
2014-10-22 10:28 - 2012-09-16 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-22 10:17 - 2014-09-02 20:50 - 00000000 ____D () C:\Windows\Minidump
2014-10-22 10:17 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-10-22 10:04 - 2014-07-20 13:38 - 00000000 ____D () C:\Users\Andy\AppData\Local\Apps\2.0
2014-10-22 10:04 - 2012-09-17 09:17 - 00000000 ____D () C:\ProgramData\Apple
2014-10-18 21:40 - 2013-03-26 12:53 - 00000000 ____D () C:\Users\Andy\Desktop\Middle Earth Adventuring Group
2014-10-18 13:52 - 2014-04-29 06:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-18 09:54 - 2013-07-04 09:38 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Awesomium
2014-10-18 03:25 - 2012-09-16 20:36 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 03:25 - 2012-09-16 20:36 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 23:40 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 17:50 - 2009-07-13 21:45 - 00418224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 17:49 - 2014-05-06 06:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 08:00 - 2014-06-12 08:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 07:58 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 07:45 - 2012-09-21 10:24 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 21:37 - 2013-12-13 17:15 - 00000000 ____D () C:\Users\Andy\Desktop\Stubs
2014-10-12 17:04 - 2010-08-25 13:19 - 00000000 ___RD () C:\Users\Andy\Desktop\Folders
2014-10-11 18:30 - 2014-03-05 18:25 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1765128062-2206046262-241672328-1000UA
2014-10-11 18:30 - 2014-03-05 18:25 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1765128062-2206046262-241672328-1000Core
2014-10-09 06:13 - 2012-12-17 18:41 - 00003378 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1765128062-2206046262-241672328-1000
2014-10-04 08:08 - 2013-03-30 10:14 - 00000000 ____D () C:\Windows\AsusInstAll
2014-10-01 05:59 - 2013-01-13 09:55 - 00000000 ____D () C:\Windows\pss

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 07:02

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2014
Ran by Andy at 2014-10-26 10:46:49
Running from C:\Users\Andy\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.30.100.40312 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1124.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0312.1131.18796 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{8F3C9854-8EB9-3D28-4AD7-E3ADD800C7E3}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASUS Product Register Program (HKLM-x32\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Combined Community Codec Pack 2014-04-20 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.04.20.0 - CCCP Project)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ffdshow (remove only) (HKLM-x32\...\ffdshow) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® Network Connections 17.1.55.0 (HKLM\...\PROSetDX) (Version: 17.1.55.0 - Intel)
Intel® Network Connections 17.1.55.0 (Version: 17.1.55.0 - Intel) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Marvel Heroes (HKLM-x32\...\Steam App 226320) (Version:  - Gazillion Entertainment)
Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version:  - Memeo Inc.)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7923 - Memeo Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MPC-HC 1.6.6.6957 (3975d54) (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.6.6957 - MPC-HC Team)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.26.50  - NETGEAR Inc.)
NETGEAR WNDA4100 Genie (HKLM-x32\...\InstallShield_{422FB885-2E3D-4F0C-8C47-BF4336B5318B}) (Version: 1.2.0.10 - NETGEAR)
NETGEAR WNDA4100 Genie (x32 Version: 1.2.0.10 - NETGEAR) Hidden
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Widevine Media Optimizer Chrome 6.0.0 (HKCU\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1765128062-2206046262-241672328-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Andy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1765128062-2206046262-241672328-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Andy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1765128062-2206046262-241672328-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Andy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1765128062-2206046262-241672328-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-1765128062-2206046262-241672328-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Andy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1765128062-2206046262-241672328-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Andy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

19-10-2014 15:52:43 Scheduled Checkpoint
20-10-2014 02:14:27 Windows Update
20-10-2014 14:51:49 Removed Bonjour
20-10-2014 14:54:13 Removed Apple Application Support
22-10-2014 16:59:57 Restore Operation
22-10-2014 17:44:55 Windows Update
23-10-2014 04:31:59 Removed Bonjour
23-10-2014 13:45:40 Windows Update
24-10-2014 00:38:27 OTL Restore Point - 10/23/2014 5:38:23 PM
24-10-2014 03:19:39 Removed Apple Application Support
24-10-2014 03:20:17 Removed Apple Mobile Device Support
24-10-2014 03:20:39 Removed Apple Mobile Device Support
24-10-2014 15:35:44 Removed Adobe Reader XI (11.0.09).
24-10-2014 15:37:03 Removed Java SE Development Kit 7 Update 7 (64-bit)
24-10-2014 15:38:18 Removed Apple Software Update
24-10-2014 15:41:57 Removed Java 7 Update 9 (64-bit)
24-10-2014 15:43:54 Removed Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC).
24-10-2014 16:04:05 Windows Modules Installer
24-10-2014 16:14:32 Windows Modules Installer
24-10-2014 16:26:51 Installed Java 7 Update 71 (64-bit)
24-10-2014 23:11:34 Windows Modules Installer
25-10-2014 05:19:39 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AB8A75B-605D-4991-826D-5A67A0DA9EAD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-08] (AVAST Software)
Task: {0FA5CF84-BD99-43FD-AEEE-7EA2FA57C5F4} - System32\Tasks\{DC034147-44EA-45B0-921B-533D541D4057} => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [2011-06-01] ()
Task: {12D62072-0086-4925-886D-399BE9FBF70A} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {15934046-6906-475B-ABD1-48474348AC55} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {4003316D-53D8-4A66-97FF-1B4BF8AB9C8B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {4C8B062E-72C8-4D72-A7A6-00CD4559FBD3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1765128062-2206046262-241672328-1000Core => C:\Users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-13] (Google Inc.)
Task: {563A448C-3CD3-4999-A173-4BC41B92C1C2} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1765128062-2206046262-241672328-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {5EA13A22-37EF-4242-9FE0-F6CA24BC969C} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1765128062-2206046262-241672328-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {649FC314-B6AE-479B-B638-ADCD4997F7B4} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1765128062-2206046262-241672328-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {65CACA35-FBF3-4C5D-91C6-31ED74FF0F19} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {933CF7D8-DAD9-4194-9D84-986BA50EE14D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1765128062-2206046262-241672328-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {A3D85356-1CA1-4E9F-895C-619C6474B746} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {AFFC46B3-D47A-49DC-B496-8F4AD04E1DAE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {B3AC70DC-6F30-4E9B-91A1-016DB7A7E2EA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1765128062-2206046262-241672328-1000UA => C:\Users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-13] (Google Inc.)
Task: {BACE37D5-31C0-4301-927B-62D20B6D41B1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {C047DB7F-A05F-4E71-A15A-59961607E70F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {D524A34A-0474-4601-B985-7D0E9A947C97} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1765128062-2206046262-241672328-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {E4E1543D-7FC9-4131-9D04-BA467BBD2E54} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1765128062-2206046262-241672328-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {EB5F3ECA-A9D8-4006-97D3-070969F2DA4E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {EE681324-0646-4324-921F-B2075A76692F} - System32\Tasks\4577 => Wscript.exe C:\Users\Andy\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {FCEDF0D6-28A5-476E-B340-4C9DD55B4AA0} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1765128062-2206046262-241672328-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1765128062-2206046262-241672328-1000Core.job => C:\Users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1765128062-2206046262-241672328-1000UA.job => C:\Users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-08 10:23 - 2014-07-08 10:23 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-25 22:21 - 2014-10-25 22:21 - 02897920 _____ () C:\Program Files\AVAST Software\Avast\defs\14102501\algo.dll
2014-05-29 07:17 - 2014-10-02 19:36 - 00864856 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-10-22 22:52 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-10-22 22:52 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-10-22 22:52 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-10-22 22:52 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-10-22 22:52 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-07-08 10:23 - 2014-07-08 10:23 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-16 17:56 - 2014-10-16 17:56 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2013-03-30 10:53 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-03-30 10:50 - 2012-02-07 17:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: RalinkRegistryWriter => 2
MSCONFIG\Services: RalinkRegistryWriter64 => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RealPlayer Cloud Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: SeagateDashboardService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNDA4100 Genie.lnk => C:\Windows\pss\NETGEAR WNDA4100 Genie.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Andy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk => C:\Windows\pss\Xfire.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BitTorrent Sync => "C:\Program Files (x86)\BitTorrent Sync\BTSync.exe"  /MINIMIZED
MSCONFIG\startupreg: Google Update => "C:\Users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Memeo AutoSync => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
MSCONFIG\startupreg: Memeo Instant Backup => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
MSCONFIG\startupreg: NETGEARGenie => "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ROC_ROC_NT => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot

========================= Accounts: ==========================

Administrator (S-1-5-21-1765128062-2206046262-241672328-500 - Administrator - Disabled)
Andy (S-1-5-21-1765128062-2206046262-241672328-1000 - Administrator - Enabled) => C:\Users\Andy
Guest (S-1-5-21-1765128062-2206046262-241672328-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1765128062-2206046262-241672328-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/26/2014 10:42:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001701e2
Faulting process id: 0xe9c
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/26/2014 10:37:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000701e2
Faulting process id: 0x1064
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/26/2014 10:33:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/26/2014 08:19:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/26/2014 07:48:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x2f7c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/26/2014 06:40:05 AM) (Source: MsiInstaller) (EventID: 11316) (User: Andy-PC)
Description: Product: NVIDIA PhysX -- Error 1316. The specified account already exists.

Error: (10/26/2014 06:09:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/25/2014 10:29:36 PM) (Source: MsiInstaller) (EventID: 11316) (User: Andy-PC)
Description: Product: NVIDIA PhysX -- Error 1316. The specified account already exists.

Error: (10/25/2014 10:22:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/25/2014 07:05:04 AM) (Source: MsiInstaller) (EventID: 11316) (User: Andy-PC)
Description: Product: NVIDIA PhysX -- Error 1316. The specified account already exists.

System errors:
=============
Error: (10/26/2014 10:35:35 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/26/2014 08:20:44 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/26/2014 08:18:44 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:05:45 AM on 10/26/2014 was unexpected.

Error: (10/26/2014 06:09:41 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/26/2014 06:08:01 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:19:49 AM on 10/26/2014 was unexpected.

Error: (10/25/2014 10:23:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/25/2014 06:40:29 AM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_189_ActiveX.exe -Embedding2{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}

Error: (10/25/2014 06:10:47 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/25/2014 06:08:30 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:52:43 PM on 10/24/2014 was unexpected.

Error: (10/24/2014 04:35:07 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Microsoft Office Sessions:
=========================
Error: (12/30/2013 06:28:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 13003 seconds with 1380 seconds of active time.  This session ended with a crash.

Error: (12/29/2013 07:48:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 5633 seconds with 5160 seconds of active time.  This session ended with a crash.

Error: (07/24/2013 08:39:30 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 14%
Total physical RAM: 16334.52 MB
Available physical RAM: 14010.13 MB
Total Pagefile: 32667.22 MB
Available Pagefile: 30161.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.17 GB) (Free:219.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 18479C44)
Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 Art_Stealer12

Art_Stealer12
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:01:39 PM

Posted 26 October 2014 - 12:50 PM

By the way.

Hello Deeprybka,

Thank you for taking your time to help me with this issue.



#7 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:39 PM

Posted 26 October 2014 - 01:31 PM

Hi,

SpyBot S&D Warning

MVPS.org is no longer recommending SpyBot S&D due to very poor testing results (scroll down and read under Freeware Antispyware Products).
My advice is to get rid of this program. To do so:

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for SpyBot, right-click the entry and click Uninstall.

This is optional, but please consider it.


Multiple Anti-Virus-Software warning!

It is inadvisable to have more than one Anti-Virus installed on your computer at the same time. Doing so may:

  • Cause conflicts, negatively impacting the effectiveness of each Anti-Virus installed.
  • Trigger false-positives.
  • Trigger false-negatives, where neither programme detects malware.
  • Cause system instability/performance issues. Your system may lock up or slow down due to both software attempting to access the same file at the same time.

Step 1

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for Microsoft Security Essentials , right-click the entry and click Uninstall.

Malware Warning

All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER.


Step 2


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1765128062-2206046262-241672328-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    Task: {12D62072-0086-4925-886D-399BE9FBF70A} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
    Task: {EE681324-0646-4324-921F-B2075A76692F} - System32\Tasks\4577 => Wscript.exe C:\Users\Andy\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    SearchScopes: HKCU - {EB31F79C-23A7-4DDB-9FDC-9FC503F1261B} URL = http://search.conduit.com/Results.aspx?ctid=CT3304763&SearchSource=45&UM=2&q={searchTerms}
    BHO-x32: No Name -> {7FE9ACCB-ECAC-6647-73E7-F010C66217C7} ->  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

After the Reboot:

Step 3


Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

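The fixlist above removes two persistence points: a per-user CLSID whose LocalServer32 command runs rundll32.exe with a javascript: URL (the Poweliks pattern, which is what made dllhost.exe, the COM surrogate, keep reappearing), and two scheduled tasks that relaunch it. The following PowerShell is an added example for checking a machine for the same indicators before and after the fix; it is not part of the thread, not FRST, and not deeprybka's instructions. It assumes an English-language Windows 7 or later, PowerShell 2.0 or newer, and an elevated prompt; the function names, the regular expressions and the "digits-only task name" heuristic are this example's own choices, modelled on the entries in the log (tasks 0 and 4577, the LocalServer32 value). Subtracting one from each character code of the logged eval() fragment turns it into `document.write('<script language=jscr`, which is what the decode helper shows.

```powershell
# Added example, not from the BleepingComputer thread or from FRST.
# Hunts for Poweliks-style persistence: a CLSID hijack in the per-user
# Classes hive and scheduled tasks that launch script hosts from Temp/AppData.

# Registry hives where a LocalServer32 command can live. HKCU entries take
# precedence over HKLM for that user, so a per-user key silently overrides a
# legitimate system CLSID and runs whenever Explorer instantiates it.
$clsidRoots = @(
    'HKCU:\Software\Classes\CLSID',
    'HKLM:\Software\Classes\CLSID',
    'HKLM:\Software\Classes\Wow6432Node\CLSID'
)
# The command line shape seen in the log: rundll32 + javascript: + mshtml.
$serverPattern = 'rundll32.*javascript:|mshtml,RunHTMLApplication'

function Find-SuspiciousLocalServer32 {
    foreach ($root in $clsidRoots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $ls = Join-Path $_.PSPath 'LocalServer32'
            if (Test-Path $ls) {
                # The (default) value of LocalServer32 is the command COM will run.
                $cmd = (Get-ItemProperty -Path $ls -ErrorAction SilentlyContinue).'(default)'
                if ($cmd -and $cmd -match $serverPattern) {
                    New-Object PSObject -Property @{ Key = $ls; Command = $cmd }
                }
            }
        }
    }
}

function Find-SuspiciousTasks {
    # Assumes English column names from schtasks; they are localised on other languages.
    $cmdPattern  = '(wscript|cscript|mshta|rundll32|powershell)\.exe.*(\\Temp\\|\\AppData\\|javascript:)'
    $namePattern = '^\\\d+$'   # heuristic: top-level task named only with digits, like "\0" and "\4577" in the log
    schtasks.exe /query /fo CSV /v 2>$null |
        ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' } |   # drop header rows schtasks repeats per folder
        Where-Object { $_.'Task To Run' -match $cmdPattern -or $_.TaskName -match $namePattern } |
        Select-Object TaskName, 'Task To Run', 'Run As User'
}

function ConvertFrom-PoweliksString {
    param([string]$Encoded)
    # Each stored character is the real character plus one; the tail of the
    # registry value (truncated in the log) undoes this before eval().
    -join ($Encoded.ToCharArray() | ForEach-Object { [char]([int]$_ - 1) })
}

Find-SuspiciousLocalServer32 | Format-List
Find-SuspiciousTasks | Format-Table -AutoSize
ConvertFrom-PoweliksString 'epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds'
```

Run it once before the fix to confirm both hits, and again after the reboot: the task is what re-creates the CLSID entry, so an empty result for both functions after the restart is the sign that the fixlist removed the loop rather than one half of it. No file on disk is involved in the CLSID half, which is why the fix deletes keys rather than moving files.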
#8 Art_Stealer12

Posted 26 October 2014 - 03:51 PM

Here are both the Fixlog.txt and FRST.txt after the Fix and second Scan

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2014
Ran by Andy at 2014-10-26 13:38:44 Run:4
Running from C:\Users\Andy\Desktop
Loaded Profile: Andy (Available profiles: Andy)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1765128062-2206046262-241672328-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Task: {12D62072-0086-4925-886D-399BE9FBF70A} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {EE681324-0646-4324-921F-B2075A76692F} - System32\Tasks\4577 => Wscript.exe C:\Users\Andy\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
SearchScopes: HKCU - {EB31F79C-23A7-4DDB-9FDC-9FC503F1261B} URL = http://search.conduit.com/Results.aspx?ctid=CT3304763&SearchSource=45&UM=2&q={searchTerms}
BHO-x32: No Name -> {7FE9ACCB-ECAC-6647-73E7-F010C66217C7} ->  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
*****************

Processes closed successfully.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1765128062-2206046262-241672328-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-1765128062-2206046262-241672328-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12D62072-0086-4925-886D-399BE9FBF70A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12D62072-0086-4925-886D-399BE9FBF70A}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE681324-0646-4324-921F-B2075A76692F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE681324-0646-4324-921F-B2075A76692F}" => Key deleted successfully.
C:\Windows\System32\Tasks\4577 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4577" => Key deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EB31F79C-23A7-4DDB-9FDC-9FC503F1261B}" => Key deleted successfully.
"HKCR\CLSID\{EB31F79C-23A7-4DDB-9FDC-9FC503F1261B}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FE9ACCB-ECAC-6647-73E7-F010C66217C7}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{7FE9ACCB-ECAC-6647-73E7-F010C66217C7}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.

The system needed a reboot.

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014
Ran by Andy (administrator) on ANDY-PC on 26-10-2014 13:46:35
Running from C:\Users\Andy\Desktop
Loaded Profile: Andy (Available profiles: Andy)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-29] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-1765128062-2206046262-241672328-1000\...\Run: [Google Update] => C:\Users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-13] (Google Inc.)
HKU\S-1-5-21-1765128062-2206046262-241672328-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1765128062-2206046262-241672328-1000\...\MountPoints2: D - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-1765128062-2206046262-241672328-1000\...\MountPoints2: {7ebf36d4-45a9-11e3-b802-3085a99a8ba7} - E:\TLBootstrap_WPP.exe
HKU\S-1-5-21-1765128062-2206046262-241672328-1000\...\MountPoints2: {b9735f25-006f-11e2-901a-806e6f6e6963} - D:\Special_Offers_from_SPHE_PC.exe
HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U218DHP&pc=U218
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Andy\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Andy\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-16]
FF HKCU\...\Firefox\Extensions: [uc@uc.com] - C:\Program Files (x86)\Unfriend Checker\FF

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=U142&ocid=U142DHP
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=U142&ocid=U142DHP", "hxxp://www.google.com/"
CHR Profile: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Google Cast) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-10-11]
CHR Extension: (Google Wallet) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-08]
CHR HKLM-x32\...\Chrome\Extension: [kpkbnefaikfaeadgidhpoanckoiaheli] - C:\Program Files (x86)\HDvidCodec.com\HDvidCodec10.crx [2014-07-08]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2014-07-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-08] (AVAST Software)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2283296 2014-10-22] (IObit)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-07-09] (NETGEAR)
S4 RalinkRegistryWriter; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [377088 2012-09-04] (Ralink Technology, Corp.)
S4 RalinkRegistryWriter64; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [455424 2012-09-04] (Ralink Technology, Corp.)
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-02] (RealNetworks, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-08] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-08] ()
R3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2012-10-27] (CACE Technologies, Inc.)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-26 13:35 - 2014-10-26 13:36 - 00000085 _____ () C:\Windows\wininit.ini
2014-10-26 10:46 - 2014-10-26 13:46 - 00010990 _____ () C:\Users\Andy\Desktop\FRST.txt
2014-10-26 10:46 - 2014-10-26 10:47 - 00029096 _____ () C:\Users\Andy\Desktop\Addition.txt
2014-10-26 10:45 - 2014-10-26 10:45 - 02113024 _____ (Farbar) C:\Users\Andy\Desktop\FRST64.exe
2014-10-25 06:22 - 2014-10-25 06:22 - 00016783 _____ () C:\Users\Andy\Desktop\attach.txt
2014-10-25 06:22 - 2014-10-25 06:21 - 00016499 _____ () C:\Users\Andy\Desktop\dds.txt
2014-10-25 06:19 - 2014-10-25 06:19 - 00688992 ____R (Swearware) C:\Users\Andy\Desktop\dds.com
2014-10-24 16:27 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-24 16:13 - 2014-10-24 16:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-24 16:13 - 2014-10-24 16:13 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-24 16:13 - 2014-10-24 16:13 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-24 16:13 - 2014-10-24 16:13 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-10-24 16:13 - 2014-10-24 16:13 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-10-24 16:13 - 2014-10-24 16:13 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-24 16:13 - 2014-10-24 16:13 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-10-24 16:13 - 2014-10-24 16:13 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-10-24 16:13 - 2014-10-24 16:13 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-10-24 16:13 - 2014-10-24 16:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-10-24 16:13 - 2014-10-24 16:13 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-24 16:13 - 2014-10-24 16:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-24 10:05 - 2014-10-24 10:05 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-24 10:05 - 2014-10-24 10:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-24 09:32 - 2014-10-24 09:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-24 09:32 - 2014-10-24 09:32 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-24 09:31 - 2014-10-25 22:22 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-24 09:31 - 2014-10-24 09:31 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-24 09:27 - 2014-10-24 09:27 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-24 09:27 - 2014-10-24 09:27 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-24 09:27 - 2014-10-24 09:27 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-10-24 09:27 - 2014-10-24 09:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-24 09:27 - 2014-10-24 09:27 - 00000000 ____D () C:\Program Files\Java
2014-10-24 09:21 - 2014-10-26 12:44 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FFDDFA84-C621-4CBB-85D7-DD5F35A23CBB}
2014-10-24 09:13 - 2014-10-24 16:15 - 00025958 _____ () C:\Windows\IE11_main.log
2014-10-24 09:12 - 2014-10-24 09:12 - 00001369 _____ () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-24 08:57 - 2014-10-26 13:42 - 00004734 _____ () C:\Windows\PFRO.log
2014-10-24 08:57 - 2014-10-26 13:42 - 00000616 _____ () C:\Windows\setupact.log
2014-10-24 08:57 - 2014-10-24 08:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-24 08:25 - 2014-10-24 08:53 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp
2014-10-24 08:23 - 2014-10-24 08:23 - 00000944 ____H () C:\ProgramData\@system2.att
2014-10-24 08:23 - 2014-10-24 08:23 - 00000448 ____H () C:\Users\Andy\AppData\Roaming\麽鎒駓覜
2014-10-23 18:20 - 2014-10-26 13:46 - 00000000 ____D () C:\FRST
2014-10-23 17:27 - 2014-10-23 17:27 - 00000000 ____D () C:\ProgramData\IObit
2014-10-23 06:18 - 2014-09-04 19:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-23 06:18 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-22 22:52 - 2014-10-26 13:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-22 22:52 - 2014-10-26 13:35 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-22 22:52 - 2014-10-22 22:52 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-10-22 22:47 - 2014-10-22 22:47 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-10-22 22:47 - 2014-10-22 22:47 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\ProductData
2014-10-22 22:46 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2014-10-22 22:45 - 2014-10-22 22:45 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-10-22 22:45 - 2014-06-04 15:17 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2014-10-22 22:20 - 2014-10-23 07:04 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1765128062-2206046262-241672328-1000
2014-10-22 21:33 - 2014-10-22 21:33 - 00000000 ____D () C:\ProgramData\Glyph
2014-10-22 10:47 - 2014-10-22 10:47 - 00000000 ____D () C:\Users\Andy\AppData\Local\Razer_Inc
2014-10-22 10:47 - 2014-10-22 10:47 - 00000000 ____D () C:\ProgramData\Razer
2014-10-22 10:46 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-10-22 10:46 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-10-22 10:46 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-10-22 10:46 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-10-22 10:46 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-10-22 10:46 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-22 10:46 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-10-22 10:46 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-10-22 10:46 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-10-22 10:46 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-10-22 10:46 - 2013-10-01 17:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-10-22 10:46 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-10-22 10:46 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-22 10:46 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-22 10:46 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-10-22 10:46 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-22 10:43 - 2014-10-22 08:27 - 00000000 __SHD () C:\Jumpshot
2014-10-22 10:42 - 2014-10-22 18:49 - 00000000 ____D () C:\Windows\jumpshot.com
2014-10-22 10:39 - 2014-10-22 21:19 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1765128062-2206046262-241672328-1000
2014-10-22 10:39 - 2014-10-22 21:19 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1765128062-2206046262-241672328-1000
2014-10-22 08:10 - 2014-10-26 10:40 - 00007632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-22 08:10 - 2014-10-26 10:40 - 00007632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-22 07:18 - 2014-10-24 08:54 - 00000000 ____D () C:\Users\Andy\AppData\Local\CrashDumps
2014-10-21 19:49 - 2014-10-24 08:22 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-20 19:59 - 2014-10-22 10:17 - 00000000 ____D () C:\Users\Andy\Documents\ArcheAge
2014-10-20 19:59 - 2014-10-20 19:59 - 00000000 ____D () C:\ArcheAge
2014-10-20 07:38 - 2014-10-22 22:49 - 00000000 ____D () C:\Users\Andy\AppData\Local\Glyph
2014-10-19 22:58 - 2014-10-19 22:59 - 00000000 ____D () C:\AdwCleaner
2014-10-16 06:20 - 2014-10-09 19:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 06:20 - 2014-10-09 19:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 06:20 - 2014-10-09 19:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 06:20 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 06:20 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 06:20 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 06:20 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 06:20 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 06:20 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 06:20 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 06:19 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 06:19 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 06:19 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 06:19 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 06:19 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 06:19 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 06:19 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 06:19 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 06:19 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 06:19 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 06:19 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 06:19 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 06:19 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 06:19 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 06:19 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 06:18 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 06:18 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-07 06:34 - 2014-10-07 06:34 - 00015312 ____N () C:\Users\Andy\Desktop\[Hatsuyuki]_Maken-Ki!_[1280x720_x264_AAC].torrent
2014-10-04 07:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-04 07:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-04 07:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-01 06:04 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 06:04 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-26 13:43 - 2012-09-16 20:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-26 13:43 - 2012-09-16 20:36 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-26 13:42 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-26 13:41 - 2012-09-16 19:34 - 01780328 _____ () C:\Windows\WindowsUpdate.log
2014-10-26 13:37 - 2012-09-16 20:30 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-10-26 13:35 - 2014-03-05 18:25 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1765128062-2206046262-241672328-1000UA.job
2014-10-26 13:30 - 2012-09-16 20:36 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-26 11:58 - 2014-08-16 23:08 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\vlc
2014-10-26 11:17 - 2008-11-02 16:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-26 10:44 - 2012-01-01 15:06 - 00000000 ____D () C:\BTGUARD
2014-10-24 19:07 - 2012-09-16 22:36 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Skype
2014-10-24 18:35 - 2014-03-05 18:25 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1765128062-2206046262-241672328-1000Core.job
2014-10-24 16:15 - 2012-09-16 20:30 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-10-24 16:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-24 15:26 - 2014-03-09 16:33 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Media Player Classic
2014-10-24 10:15 - 2014-04-16 07:25 - 00000000 ____D () C:\Program Files (x86)\Zenimax Online
2014-10-24 10:15 - 2012-09-16 20:24 - 00000000 ____D () C:\Users\Andy
2014-10-24 10:05 - 2014-06-15 07:56 - 00000000 ____D () C:\Users\Andy\AppData\Local\Adobe
2014-10-24 09:27 - 2012-12-05 17:34 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-24 09:12 - 2012-09-16 20:25 - 00001443 _____ () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-24 09:11 - 2012-09-16 20:30 - 00000000 ____D () C:\Windows\Panther
2014-10-24 08:32 - 2012-09-16 20:38 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-23 20:19 - 2014-07-20 13:38 - 00000000 ____D () C:\Users\Andy\AppData\Local\Deployment
2014-10-23 20:18 - 2012-09-18 06:25 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Real
2014-10-23 20:18 - 2012-09-18 06:23 - 00000000 ____D () C:\ProgramData\Real
2014-10-23 20:18 - 2010-01-22 18:54 - 00000000 ____D () C:\Program Files (x86)\Real
2014-10-23 07:04 - 2014-09-02 03:59 - 00003222 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1765128062-2206046262-241672328-1000
2014-10-22 22:48 - 2010-11-11 09:16 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-10-22 22:45 - 2012-11-25 09:29 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\IObit
2014-10-22 22:45 - 2012-09-18 06:19 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Apple Computer
2014-10-22 22:24 - 2009-07-13 22:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-22 21:33 - 2012-09-16 20:36 - 00000000 ____D () C:\Users\Andy\AppData\Local\Google
2014-10-22 21:31 - 2013-12-01 17:08 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\BitTorrent Sync
2014-10-22 15:26 - 2012-09-16 20:24 - 08912896 ___SH () C:\Users\Andy\.ghost-ntfs-3g-00000000000000000009
2014-10-22 15:26 - 2009-07-13 19:34 - 78905344 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000001
2014-10-22 15:26 - 2009-07-13 19:34 - 22020096 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000003
2014-10-22 15:21 - 2011-02-10 09:45 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-10-22 15:20 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-22 10:40 - 2012-10-05 07:43 - 00001926 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-22 10:29 - 2013-02-08 12:24 - 00000000 ____D () C:\Users\Andy\AppData\Local\SwvUpdater
2014-10-22 10:28 - 2012-09-16 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-22 10:17 - 2014-09-02 20:50 - 00000000 ____D () C:\Windows\Minidump
2014-10-22 10:17 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-10-22 10:04 - 2014-07-20 13:38 - 00000000 ____D () C:\Users\Andy\AppData\Local\Apps\2.0
2014-10-22 10:04 - 2012-09-17 09:17 - 00000000 ____D () C:\ProgramData\Apple
2014-10-18 21:40 - 2013-03-26 12:53 - 00000000 ____D () C:\Users\Andy\Desktop\Middle Earth Adventuring Group
2014-10-18 13:52 - 2014-04-29 06:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-18 09:54 - 2013-07-04 09:38 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Awesomium
2014-10-18 03:25 - 2012-09-16 20:36 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 03:25 - 2012-09-16 20:36 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 23:40 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 17:50 - 2009-07-13 21:45 - 00418224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 17:49 - 2014-05-06 06:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 08:00 - 2014-06-12 08:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 07:58 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 07:45 - 2012-09-21 10:24 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 21:37 - 2013-12-13 17:15 - 00000000 ____D () C:\Users\Andy\Desktop\Stubs
2014-10-12 17:04 - 2010-08-25 13:19 - 00000000 ___RD () C:\Users\Andy\Desktop\Folders
2014-10-11 18:30 - 2014-03-05 18:25 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1765128062-2206046262-241672328-1000UA
2014-10-11 18:30 - 2014-03-05 18:25 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1765128062-2206046262-241672328-1000Core
2014-10-09 06:13 - 2012-12-17 18:41 - 00003378 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1765128062-2206046262-241672328-1000
2014-10-04 08:08 - 2013-03-30 10:14 - 00000000 ____D () C:\Windows\AsusInstAll
2014-10-01 05:59 - 2013-01-13 09:55 - 00000000 ____D () C:\Windows\pss

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 07:02

==================== End Of Log ============================



#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:39 PM

Posted 26 October 2014 - 04:14 PM

Let's do a final check up:

Step 1


Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [screenshot of the scan settings]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [screenshot of the log path].
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#10 Art_Stealer12

Art_Stealer12
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:01:39 PM

Posted 26 October 2014 - 06:02 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=cce58ea51072974c993b3766d95f1c5f
# engine=20789
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-26 10:59:55
# local_time=2014-10-26 03:59:55 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 278381 178694885 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 165907845 0 0
# scanned=410027
# found=6
# cleaned=4
# scan_time=6103
sh=5F3C7309B549234F9A4DE81FEF916166133E36AA ft=1 fh=2d84adb70ff0de38 vn="a variant of Win32/Injector.BOBY trojan" ac=I fn="C:\Users\All Users\Windows Genuine Advantage\{8EE731F2-D056-4F45-8A09-5F1F8E071564}\msiexec.exe"
sh=5F3C7309B549234F9A4DE81FEF916166133E36AA ft=1 fh=2d84adb70ff0de38 vn="a variant of Win32/Injector.BOBY trojan" ac=I fn="C:\Users\All Users\Windows Genuine Advantage\{E1D090C0-79C7-4D6A-85AC-8BF9E9B56273}\msiexec.exe"
sh=5F3C7309B549234F9A4DE81FEF916166133E36AA ft=1 fh=2d84adb70ff0de38 vn="a variant of Win32/Injector.BOBY trojan (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Windows Genuine Advantage\{8EE731F2-D056-4F45-8A09-5F1F8E071564}\msiexec.exe"
sh=5F3C7309B549234F9A4DE81FEF916166133E36AA ft=1 fh=2d84adb70ff0de38 vn="a variant of Win32/Injector.BOBY trojan (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Windows Genuine Advantage\{E1D090C0-79C7-4D6A-85AC-8BF9E9B56273}\msiexec.exe"
sh=C62B0EFFFF4195E49B42ED2C1E096ADFBDF13710 ft=1 fh=32ab359e59f48897 vn="a variant of Win32/Injector.BOBY trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Andy\AppData\Local\Temp\4599.tmp"
sh=C62B0EFFFF4195E49B42ED2C1E096ADFBDF13710 ft=1 fh=32ab359e59f48897 vn="a variant of Win32/Injector.BOBY trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Andy\AppData\Local\Temp\8E1D.tmp"
 



#11 Art_Stealer12

Art_Stealer12
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:01:39 PM

Posted 26 October 2014 - 08:25 PM

Reposting the ESET Log. Didn't have everything selected from your post.

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=cce58ea51072974c993b3766d95f1c5f
# engine=20789
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-26 10:59:55
# local_time=2014-10-26 03:59:55 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 278381 178694885 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 165907845 0 0
# scanned=410027
# found=6
# cleaned=4
# scan_time=6103
sh=5F3C7309B549234F9A4DE81FEF916166133E36AA ft=1 fh=2d84adb70ff0de38 vn="a variant of Win32/Injector.BOBY trojan" ac=I fn="C:\Users\All Users\Windows Genuine Advantage\{8EE731F2-D056-4F45-8A09-5F1F8E071564}\msiexec.exe"
sh=5F3C7309B549234F9A4DE81FEF916166133E36AA ft=1 fh=2d84adb70ff0de38 vn="a variant of Win32/Injector.BOBY trojan" ac=I fn="C:\Users\All Users\Windows Genuine Advantage\{E1D090C0-79C7-4D6A-85AC-8BF9E9B56273}\msiexec.exe"
sh=5F3C7309B549234F9A4DE81FEF916166133E36AA ft=1 fh=2d84adb70ff0de38 vn="a variant of Win32/Injector.BOBY trojan (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Windows Genuine Advantage\{8EE731F2-D056-4F45-8A09-5F1F8E071564}\msiexec.exe"
sh=5F3C7309B549234F9A4DE81FEF916166133E36AA ft=1 fh=2d84adb70ff0de38 vn="a variant of Win32/Injector.BOBY trojan (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Windows Genuine Advantage\{E1D090C0-79C7-4D6A-85AC-8BF9E9B56273}\msiexec.exe"
sh=C62B0EFFFF4195E49B42ED2C1E096ADFBDF13710 ft=1 fh=32ab359e59f48897 vn="a variant of Win32/Injector.BOBY trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Andy\AppData\Local\Temp\4599.tmp"
sh=C62B0EFFFF4195E49B42ED2C1E096ADFBDF13710 ft=1 fh=32ab359e59f48897 vn="a variant of Win32/Injector.BOBY trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Andy\AppData\Local\Temp\8E1D.tmp"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=cce58ea51072974c993b3766d95f1c5f
# engine=20789
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-27 01:24:57
# local_time=2014-10-26 06:24:57 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 287083 178703587 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 165916547 0 0
# scanned=413300
# found=0
# cleaned=0
# scan_time=7497
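The two ESET Online Scanner logs above (the first with archives and unsafe applications unticked, the re-run with everything selected) can be triaged mechanically. The following is an added example, not code from the thread or from ESET; the set of required scan options is an assumption modelled on the re-run, and the sample log is constructed from the first scan's lines.

```python
"""Triage helper for ESET Online Scanner (EOS) text logs like those pasted above.

Added example, not code from the thread or from ESET. It parses the '# key=value'
header and the 'sh= ft= fh= vn= ac= fn=' detection lines, checks which scan
options were left unticked, and groups detections by SHA-1 so the same file seen
through two paths is not counted as two uncleaned threats.
"""
import re
from collections import defaultdict

# Constructed sample: header and detection lines of the first scan in this thread
# (hashes and paths as posted there), trimmed to the header keys used below.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# scanned=410027
# found=6
# cleaned=4
sh=5F3C7309B549234F9A4DE81FEF916166133E36AA ft=1 fh=2d84adb70ff0de38 vn="a variant of Win32/Injector.BOBY trojan" ac=I fn="C:\Users\All Users\Windows Genuine Advantage\{8EE731F2-D056-4F45-8A09-5F1F8E071564}\msiexec.exe"
sh=5F3C7309B549234F9A4DE81FEF916166133E36AA ft=1 fh=2d84adb70ff0de38 vn="a variant of Win32/Injector.BOBY trojan" ac=I fn="C:\Users\All Users\Windows Genuine Advantage\{E1D090C0-79C7-4D6A-85AC-8BF9E9B56273}\msiexec.exe"
sh=5F3C7309B549234F9A4DE81FEF916166133E36AA ft=1 fh=2d84adb70ff0de38 vn="a variant of Win32/Injector.BOBY trojan (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Windows Genuine Advantage\{8EE731F2-D056-4F45-8A09-5F1F8E071564}\msiexec.exe"
sh=5F3C7309B549234F9A4DE81FEF916166133E36AA ft=1 fh=2d84adb70ff0de38 vn="a variant of Win32/Injector.BOBY trojan (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Windows Genuine Advantage\{E1D090C0-79C7-4D6A-85AC-8BF9E9B56273}\msiexec.exe"
sh=C62B0EFFFF4195E49B42ED2C1E096ADFBDF13710 ft=1 fh=32ab359e59f48897 vn="a variant of Win32/Injector.BOBY trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Andy\AppData\Local\Temp\4599.tmp"
sh=C62B0EFFFF4195E49B42ED2C1E096ADFBDF13710 ft=1 fh=32ab359e59f48897 vn="a variant of Win32/Injector.BOBY trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Andy\AppData\Local\Temp\8E1D.tmp"
"""

# key=value pairs; quoted values (vn, fn) may contain spaces but never quotes.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_eos_log(text):
    """Split an EOS log into (options, detections).

    options    : dict of header keys ('found', 'archives_checked', ...) -> str
    detections : list of dicts with the per-object fields (sh, ft, fh, vn, ac, fn)
    """
    options, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                options[key.strip()] = value.strip()
        elif line.startswith("sh="):
            detections.append({k: v.strip('"') for k, v in FIELD_RE.findall(line)})
    return options, detections


# ASSUMPTION: the options the helper's settings screenshot asks for, modelled on
# the second (re-run) scan in the thread. Adjust to the screenshot you are given.
REQUIRED_OPTIONS = {
    "archives_checked": "true",
    "unwanted_checked": "true",
    "unsafe_checked": "true",
    "antistealth_checked": "true",
}


def missing_options(options, required=REQUIRED_OPTIONS):
    """Names of required scan options whose value is not the required one."""
    return sorted(k for k, v in required.items() if options.get(k) != v)


def counts_match(options, detections):
    """True when the header's found/cleaned totals agree with the detection lines."""
    actioned = sum(1 for d in detections if d.get("ac") == "C")
    return (int(options.get("found", 0)) == len(detections)
            and int(options.get("cleaned", 0)) == actioned)


def group_by_hash(detections):
    """Group detection lines by SHA-1 (the 'sh' field).

    On Vista and later C:\\Users\\All Users is a junction to C:\\ProgramData, so a
    file quarantined under ProgramData shows up once more, unactioned (ac=I),
    under the junction path. Grouping by hash exposes that instead of reporting
    two extra 'uncleaned' threats.
    """
    groups = defaultdict(lambda: {"name": "", "paths": [], "cleaned_any": False})
    for d in detections:
        g = groups[d["sh"]]
        g["name"] = d["vn"].split(" (")[0]        # drop the ' (cleaned by ...)' suffix
        g["paths"].append(d["fn"])
        g["cleaned_any"] |= d.get("ac") == "C"
    return dict(groups)


def needs_followup(detections):
    """SHA-1s of detections that were never actioned under any path."""
    return sorted(sh for sh, g in group_by_hash(detections).items() if not g["cleaned_any"])


if __name__ == "__main__":
    opts, dets = parse_eos_log(SAMPLE_LOG)
    print("options not as required:", missing_options(opts))
    print("header totals consistent:", counts_match(opts, dets))
    for sh, g in group_by_hash(dets).items():
        print(sh[:12], g["name"], "| cleaned:", g["cleaned_any"], "| paths:", len(g["paths"]))
    print("hashes needing manual follow-up:", needs_followup(dets))
```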
 



#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:39 PM

Posted 27 October 2014 - 11:41 AM

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    2014-10-21 19:49 - 2014-10-24 08:22 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Step 2

Don't remove on your own anything that Hitman Pro detects!
This scanner, while it is really good for checking, has been known to delete files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.

Can you please tell me which problems still persist now?
How is your computer running now?

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#13 Art_Stealer12

Art_Stealer12
  • Topic Starter

  • Members
  • 25 posts
  •  
  • Local time:01:39 PM

Posted 27 October 2014 - 07:14 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2014
Ran by Andy at 2014-10-27 16:54:49 Run:5
Running from C:\Users\Andy\Desktop
Loaded Profile: Andy (Available profiles: Andy)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
2014-10-21 19:49 - 2014-10-24 08:22 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
EmptyTemp:
*****************

C:\ProgramData\Windows Genuine Advantage => Moved successfully.
EmptyTemp: => Removed 4.9 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====



#14 Art_Stealer12

Art_Stealer12
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:01:39 PM

Posted 27 October 2014 - 07:25 PM

HitmanPro 3.7.9.225
www.hitmanpro.com
   Computer name . . . . : ANDY-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Andy-PC\Andy
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2014-10-27 17:15:52
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 38s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 26
   Objects scanned . . . : 2,133,599
   Files scanned . . . . : 34,604
   Remnants scanned  . . : 760,355 files / 1,338,640 keys
Suspicious files ____________________________________________________________
   C:\Users\Andy\Desktop\FRST64.exe
      Size . . . . . . . : 2,113,024 bytes
      Age  . . . . . . . : 1.3 days (2014-10-26 10:45:12)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 7042770134EE1B61C553A735A8A25E8765EC57E601F2AD6A4AB01A6B27A225C0
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-1765128062-2206046262-241672328-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Andy\Desktop\FRST64.exe
      Forensic Cluster
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe
          0.0s C:\Users\Andy\Desktop\FRST64.exe

Malware remnants ____________________________________________________________
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}\ (Jotzey)
Potential Unwanted Programs _________________________________________________
   ask.com
   C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Web Data
   C:\Users\Andy\AppData\LocalLow\Conduit\ (Conduit)
   C:\Users\Andy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\ (Conduit)
   C:\Users\Andy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\ (Conduit)
   C:\Users\Andy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\AppNotification.js (Conduit)
   C:\Users\Andy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\DialogsAPI.js (Conduit)
   C:\Users\Andy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\PIE.htc (Conduit)
   C:\Users\Andy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\settings.js (Conduit)
   HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}\ (Delta Search)
   HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}\ (FTDownloader)
   HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}\ (iPumper)
   HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{39CB8175-E224-4446-8746-00566302DF8D}\ (Delta Search)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}\ (FTDownloader)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ (Rocketfuel)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964\ (FLV Player)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467\ (FLV Player)
   HKU\S-1-5-21-1765128062-2206046262-241672328-1000\Software\Delta\ (SpeedUpMyPC)
   HKU\S-1-5-21-1765128062-2206046262-241672328-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe (FLV Player)
   HKU\S-1-5-21-1765128062-2206046262-241672328-1000\Software\Smartbar\ (Conduit)
Should I delete the files that were found in the scan?



#15 Art_Stealer12

Art_Stealer12
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:01:39 PM

Posted 27 October 2014 - 08:15 PM

My computer is running better. I am also not seeing any more of those dllhost.exe*32 COM Surrogate messages on my taskbar.