
Repeated attacks "resulting from" ...\WINDOWS\EXPLORER.EXE


  • This topic is locked
14 replies to this topic

#1 c_farmer

c_farmer

  • Members
  • 9 posts

Posted 01 December 2014 - 03:26 PM

Hi, I want to start by thanking whoever takes the time to investigate this with me and help me.

 

I'm running Win7 64-bit. I've been suffering from what I imagine to be a wide variety of viruses and/or malware. I've been running several different antivirus programs in an attempt to rout them out, but nothing sticks - they keep finding hundreds of issues with each scan, and I tell them to fix it, and then they come right back after a reboot. I've run them both normally and in safe mode.

 

Norton keeps giving me notices of blocking attacks "resulting from" DEVICE\HARDDISKVOLUME2\WINDOWS\EXPLORER.EXE, with the attacker URL being different each time. On top of this, I am often redirected to ad websites when clicking on weblinks (I use only Chrome), and sometimes new tabs keep spawning without provocation. (I have exported Norton's security history log and can post that as well, if it would provide any information.)

 

Here is the DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17420
Run by Chris at 13:12:37 on 2014-12-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8174.4518 [GMT -6:00]
.
AV: Spybot - Search and Destroy *Enabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: Norton Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: Norton Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Program Files (x86)\Norton Security\Engine\22.0.2.17\NS.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\NETGEAR\A6200\A6200.exe
C:\Windows\runSW.exe
C:\Users\Chris\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Windows\SwUSB.exe
C:\Program Files (x86)\Norton Security\Engine\22.0.2.17\NS.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe
C:\Windows\system32\EscSvc64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uProxyServer = localhost:21320
uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE.dll
mWinlogon: Userinit = userinit.exe
BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE.dll
BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.0.2.17\coieplg.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Ads Removal: {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: Advanced SystemCare Surfing Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.0.2.17\coieplg.dll
EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
uRun: [Amazon Music] "C:\Users\Chris\AppData\Local\Amazon Music\Amazon Music Helper.exe"
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [GoogleChromeAutoLaunch_4E6299B33FA0592A57BB7C6E94F010D2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
dRun: [Advanced SystemCare 8] "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{301E8229-112B-461A-A12E-83967A71450F} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{49BF10BE-7159-4327-B4E3-4F1CDEB0C93B} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{8822B9B5-C544-442A-8B0B-8BA23A433E0E} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{8822B9B5-C544-442A-8B0B-8BA23A433E0E} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8822B9B5-C544-442A-8B0B-8BA23A433E0E}\84F4D454D273640383D223E243 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{95F02164-76EE-44F0-8BB4-1EE406FAB6C4} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{95F02164-76EE-44F0-8BB4-1EE406FAB6C4} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{95F02164-76EE-44F0-8BB4-1EE406FAB6C4}\2375942554132333 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{95F02164-76EE-44F0-8BB4-1EE406FAB6C4}\2375942554939373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{B3A9667B-680D-4BC5-9317-0C848FEBEF93} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{B3A9667B-680D-4BC5-9317-0C848FEBEF93} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C8672F9C-FA7E-47B8-BECB-481FD025E6AF} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{F0B429FA-6DB8-4021-A485-0477EB0123A3} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{FFB750FA-ED24-4325-A102-8C7C2F50C30F} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine64\22.0.2.17\coieplg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.0.2.17\coieplg.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [GENIE] C:\Program Files (x86)\NETGEAR\A6200\A6200.exe -s
x64-Run: [LanuchApp] C:\Program Files (x86)\NETGEAR\A6200\LanuchApp.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 192.95.55.228 www.google-analytics.com.
Hosts: 192.95.55.228 google-analytics.com.
Hosts: 192.95.55.228 connect.facebook.net.
Hosts: 85.25.107.66 www.google-analytics.com.
Hosts: 85.25.107.66 google-analytics.com.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\hb2yq1gw.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 amdide64;amdide64;C:\Windows\System32\drivers\amdide64.sys [2014-11-19 11944]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-4-11 21184]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NSx64\1600020.011\symds64.sys [2014-11-25 490712]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NSx64\1600020.011\symefa64.sys [2014-11-25 1151704]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20141118.001\BHDrvx64.sys [2014-11-18 1587416]
R1 ccSet_NS;NS Settings Manager;C:\Windows\System32\drivers\NSx64\1600020.011\ccsetx64.sys [2014-11-25 165080]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20141128.001\IDSviA64.sys [2014-11-28 637656]
R1 SDHookDriver;Hook Test Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2014-11-9 64160]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NSx64\1600020.011\ironx64.sys [2014-11-25 271576]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NSx64\1600020.011\symnets.sys [2014-11-25 565464]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AdvancedSystemCareService8;Advanced SystemCare Service 8;C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [2014-11-19 815392]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-8-30 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-8-30 344064]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-11-20 57512]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-4 2443960]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2012-5-10 608864]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2014-9-15 135824]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2014-4-11 344896]
R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 27136]
R2 NS;Norton Security;C:\Program Files (x86)\Norton Security\Engine\22.0.2.17\ns.exe [2014-11-25 282568]
R2 RunSwUSB;RunSwUSB;C:\Windows\runSW.exe [2013-11-29 36864]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-11-9 1740760]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-11-9 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-11-9 171928]
R2 WNDA6200;NETGEAR A6200 Service;C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [2014-6-6 29984]
R2 WSWUSB6300;WSWUSB6300;C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe [2013-11-29 303952]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-11-19 94720]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2014-11-8 23048]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2014-11-8 34848]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-11-19 941784]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTWlanU.sys [2014-4-11 2976472]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2014-11-8 23016]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-8-28 243480]
S2 AVGIDSAgent;AVGIDSAgent; [x]
S2 avgwd;AVG WatchDog; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-3-29 2630432]
S3 A6200;NETGEAR A6200 WiFi Adapter Driver;C:\Windows\System32\drivers\BCMWLHIGH664.SYS [2014-6-6 2567984]
S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2014-1-6 477960]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2013-10-18 131912]
S3 GalaxyService;GalaxyService;C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [2014-10-20 2191648]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-12 114688]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2014-11-19 2472136]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-12 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-12 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-10 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=C:\Windows\SysWow64\WScript.exe "%1" %*
FileExt: .vbs: VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2014-11-26 00:14:46 565464 ----a-r- C:\Windows\System32\drivers\NSx64\1600020.011\symnets.sys
2014-11-26 00:14:46 23568 ----a-r- C:\Windows\System32\drivers\NSx64\1600020.011\symelam.sys
2014-11-26 00:14:46 1151704 ----a-r- C:\Windows\System32\drivers\NSx64\1600020.011\symefa64.sys
2014-11-26 00:14:45 490712 ----a-r- C:\Windows\System32\drivers\NSx64\1600020.011\symds64.sys
2014-11-26 00:14:45 42200 ----a-r- C:\Windows\System32\drivers\NSx64\1600020.011\srtspx64.sys
2014-11-26 00:14:45 271576 ----a-r- C:\Windows\System32\drivers\NSx64\1600020.011\ironx64.sys
2014-11-26 00:14:45 165080 ----a-r- C:\Windows\System32\drivers\NSx64\1600020.011\ccsetx64.sys
2014-11-26 00:14:45 1016024 ----a-r- C:\Windows\System32\drivers\NSx64\1600020.011\srtsp64.sys
2014-11-26 00:14:14 -------- d-----w- C:\Windows\System32\drivers\NSx64\1600020.011
2014-11-25 01:34:31 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2014-11-25 01:30:46 102616 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-11-25 01:30:46 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2014-11-25 01:29:45 -------- d-----w- C:\Windows\System32\drivers\NSx64
2014-11-25 01:29:44 -------- d-----w- C:\ProgramData\Norton
2014-11-25 01:29:44 -------- d-----w- C:\Program Files (x86)\Norton Security
2014-11-25 01:29:29 -------- d-----w- C:\ProgramData\NortonInstaller
2014-11-25 01:29:29 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2014-11-19 22:36:21 332080 ----a-w- C:\Windows\System32\RaCoInstx.dll
2014-11-19 22:36:21 2472136 ----a-w- C:\Windows\System32\drivers\netr28x.sys
2014-11-19 22:35:32 941784 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2014-11-19 22:35:32 73800 ----a-w- C:\Windows\System32\RtNicProp64.dll
2014-11-19 22:28:50 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2014-11-19 22:26:35 94720 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2014-11-19 22:26:35 110080 ----a-w- C:\Windows\System32\DelayAPO.dll
2014-11-19 22:24:16 11944 ----a-w- C:\Windows\System32\drivers\amdide64.sys
2014-11-19 22:04:57 34080 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2014-11-19 22:04:51 -------- d-----w- C:\Program Files (x86)\Common Files\IObit
2014-11-19 11:11:24 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-19 11:11:24 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-19 11:11:24 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-19 11:11:24 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-19 01:57:45 -------- d-----w- C:\Users\Chris\AppData\Local\Avg
2014-11-19 01:57:36 -------- d-----w- C:\ProgramData\AVG2015
2014-11-19 01:55:30 -------- d-----w- C:\Users\Chris\AppData\Local\Avg2015
2014-11-12 06:04:43 304640 ----a-w- C:\Windows\System32\generaltel.dll
2014-11-12 06:04:42 228864 ----a-w- C:\Windows\System32\aepdu.dll
2014-11-12 06:04:39 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-11-12 06:04:23 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-11-12 06:04:23 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-11-12 06:04:22 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-11-12 06:04:22 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-11-12 06:04:21 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-11-12 06:04:21 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-11-12 06:04:20 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-11-12 06:04:20 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-11-12 06:04:19 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-11-12 05:58:09 77824 ----a-w- C:\Windows\System32\packager.dll
2014-11-12 05:58:09 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-11-12 05:57:18 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-11-12 05:57:17 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-11-12 05:56:31 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-11-12 05:55:59 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-12 05:55:59 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-11-09 20:04:14 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-11-09 20:04:12 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-11-09 20:04:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-09 07:10:17 -------- d--h--w- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-11-09 04:25:25 -------- d-----w- C:\Users\Chris\AppData\Roaming\FrameworkUpdate7
2014-11-08 19:55:12 -------- d-----w- C:\Users\Chris\AppData\Local\Onmics
2014-11-08 19:41:04 -------- d-----w- C:\Users\Chris\AppData\Local\Onptics
2014-11-07 05:50:15 -------- d-----w- C:\ProgramData\Avg_Update_1114tb
.
==================== Find3M  ====================
.
2014-11-19 22:35:32 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2014-11-19 22:28:50 91648 ----a-w- C:\Windows\System32\mantleaxl64.dll
2014-11-06 04:04:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\Windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-10-16 16:27:04 27424 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-02 19:23:20 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-10-02 19:23:20 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
.
============= FINISH: 13:21:35.98 ===============
 
I want to again thank whoever is looking at this. I hope we can work together to figure this out.



#2 shelf life

shelf life

  • Malware Response Team
  • 2,682 posts

Posted 04 December 2014 - 08:23 PM

hi,

 

If you still need help, please download and post a FRST log and we will start from there:

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. Looks like you can get the 64-bit version.
 
    Right-click FRST then click "Run as administrator"
    When the tool opens click Yes to disclaimer.
    Press the Scan button.
    When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

 

The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

 




#3 c_farmer

c_farmer
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 06 December 2014 - 05:14 PM

Hello again. Thank you very much for helping me.

These are the FRST.txt and Addition.txt logs.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2014 02
Ran by Chris (administrator) on CHRIS-PC on 06-12-2014 15:05:42
Running from C:\Users\Chris\Desktop
Loaded Profile: Chris (Available profiles: Chris)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.0.2.17\ns.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Windows\runSW.exe
(NETGEAR,Inc.) C:\Program Files (x86)\NETGEAR\A6200\A6200.exe
(Realtek) C:\Windows\SwUSB.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.0.2.17\ns.exe
() C:\Users\Chris\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
() C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.0.2.17\cltlmh.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-11-19] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [GENIE] => C:\Program Files (x86)\NETGEAR\A6200\A6200.exe [348888 2013-02-18] (NETGEAR,Inc.)
HKLM\...\Run: [LanuchApp] => C:\Program Files (x86)\NETGEAR\A6200\LanuchApp.exe [15136 2012-07-11] ()
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1802048 2014-10-13] (IObit)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2169360837-1742251912-862815689-1000\...\Run: [Amazon Music] => C:\Users\Chris\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-14] ()
HKU\S-1-5-21-2169360837-1742251912-862815689-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2169360837-1742251912-862815689-1000\...\Run: [GoogleChromeAutoLaunch_4E6299B33FA0592A57BB7C6E94F010D2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-11-25] (Google Inc.)
HKU\S-1-5-21-2169360837-1742251912-862815689-1000\...\MountPoints2: {132d4803-36d2-11e4-8543-60a44cab7ebd} - G:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-2169360837-1742251912-862815689-1000\...\MountPoints2: {37e3f5d5-5f44-11e3-80f9-60a44cab7ebd} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2169360837-1742251912-862815689-1000\...\MountPoints2: {5dc21546-3233-11e3-8dd1-806e6f6e6963} - D:\SETUP.exe
HKU\S-1-5-21-2169360837-1742251912-862815689-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2425632 2014-11-17] (IObit)
BootExecute: autocheck autochk * 搀渀挀氀攀愀渀㘀㐀⸀攀砀攀戀搀搀攀氀⸀攀砀攀
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-2169360837-1742251912-862815689-1000] => localhost:21320
HKU\S-1-5-21-2169360837-1742251912-862815689-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2169360837-1742251912-862815689-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2169360837-1742251912-862815689-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5B6FAAD5D2C5CE01
HKU\S-1-5-21-2169360837-1742251912-862815689-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-2169360837-1742251912-862815689-1000 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE64.dll (Spigot, Inc.)
URLSearchHook: HKU\S-1-5-21-2169360837-1742251912-862815689-1000 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE.dll (Spigot, Inc.)
SearchScopes: HKU\S-1-5-21-2169360837-1742251912-862815689-1000 -> DefaultScope {8B77FFA4-33CA-4506-8498-AB53B6C946D1} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2169360837-1742251912-862815689-1000 -> {8B77FFA4-33CA-4506-8498-AB53B6C946D1} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2169360837-1742251912-862815689-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={99D5E847-4EBE-45CB-9DD9-FCF55B835E66}&mid=61c6fad97ae947d3b037b1ed0a4f974e-6202da7dc9c33490f343631a0bf3818453f0c6e8&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=sa&d=2013-11-21 06:49:44&v=18.1.9.799&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.0.2.17\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: IObit Apps Toolbar -> {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -> C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE.dll (Spigot, Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.0.2.17\coIEPlg.dll (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Toolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE64.dll (Spigot, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.0.2.17\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.0.2.17\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{301E8229-112B-461A-A12E-83967A71450F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{49BF10BE-7159-4327-B4E3-4F1CDEB0C93B}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8822B9B5-C544-442A-8B0B-8BA23A433E0E}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{95F02164-76EE-44F0-8BB4-1EE406FAB6C4}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{B3A9667B-680D-4BC5-9317-0C848FEBEF93}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{C8672F9C-FA7E-47B8-BECB-481FD025E6AF}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{F0B429FA-6DB8-4021-A485-0477EB0123A3}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{FFB750FA-ED24-4325-A102-8C7C2F50C30F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\hb2yq1gw.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine: Google
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2169360837-1742251912-862815689-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\hb2yq1gw.default\user.js
FF SearchPlugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\hb2yq1gw.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Ads Removal - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\hb2yq1gw.default\Extensions\adremoveext@adremoveext.net [2014-11-08]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\hb2yq1gw.default\Extensions\iobitascsurfingprotection@iobit.com [2014-11-19]
FF Extension: Adblock Plus - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\hb2yq1gw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-05]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaWatchV1home6635.net] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home6635\ff
FF Extension: Media Watch - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home6635\ff [2014-03-26]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-09-18]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.0.110\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.0.110\coFFPlgn [2014-12-06]
FF Extension: No Name - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\hb2yq1gw.default\extensions\ascsurfingprotection@iobit.com [Not Found]
FF Extension: IObit Apps Toolbar - C:\Program Files (x86)\IObit Apps Toolbar\FF [2014-10-27]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://mysearch.avg.com?cid={99D5E847-4EBE-45CB-9DD9-FCF55B835E66}&mid=61c6fad97ae947d3b037b1ed0a4f974e-6202da7dc9c33490f343631a0bf3818453f0c6e8&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=sa&d=2013-11-21 06:49:44&v=18.1.9.786&pid=safeguard&sg=0&sap=hp
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-04]
CHR Extension: (Motorola Connect) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmoblgooahdmdibodmcnffgnejlndh [2014-09-04]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.0.2.17\Exts\Chrome.crx [2014-11-25]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.0.2.17\Exts\Chrome.crx [2014-11-25]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pelacdhahkdndffbdndibkcapnbhpbfj] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home6635\ch\MediaWatchV1home6635.crx [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-01-06] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
S3 GalaxyService; C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [2191648 2014-09-18] (GOG.com)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-09-30] (IObit)
R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2630432 2014-11-04] (IObit)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5148240 2013-07-22] (INCA Internet Co., Ltd.)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.0.2.17\NS.exe [282568 2014-10-15] (Symantec Corporation)
R2 RunSwUSB; C:\Windows\runSW.exe [36864 2012-09-20] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [29984 2012-09-24] ()
R2 WSWUSB6300; C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe [303952 2013-06-12] ()
S2 AVGIDSAgent; No ImagePath
S2 avgwd; No ImagePath
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [2567984 2013-02-28] (Broadcom Corporation)
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2014-11-19] (Advanced Micro Devices Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20141203.001\BHDrvx64.sys [1587416 2014-11-18] (Symantec Corporation)
S3 BRDriver64; No ImagePath
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1600020.011\ccSetx64.sys [165080 2014-09-08] (Symantec Corporation)
S3 EagleX64; No ImagePath
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-08-27] (Symantec Corporation)
U3 EraserUtilDrv11410; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [142640 2014-11-24] (Symantec Corporation)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20141205.001\IDSvia64.sys [637656 2014-11-24] (Symantec Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20141205.003\ENG64.SYS [129752 2014-11-24] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20141205.003\EX64.SYS [2137304 2014-11-24] (Symantec Corporation)
R1 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-26] (CACE Technologies, Inc.)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2976472 2014-04-11] (Realtek Semiconductor Corporation                           )
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R1 SRTSP; C:\Windows\System32\Drivers\NSx64\1600020.011\SRTSP64.SYS [1016024 2014-09-08] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1600020.011\SRTSPX64.SYS [42200 2014-09-08] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NSx64\1600020.011\SYMDS64.SYS [490712 2014-09-08] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NSx64\1600020.011\SYMEFA64.SYS [1151704 2014-09-08] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2014-11-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1600020.011\Ironx64.SYS [271576 2014-09-08] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1600020.011\SYMNETS.SYS [565464 2014-09-08] (Symantec Corporation)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-06 15:05 - 2014-12-06 15:11 - 00024533 _____ () C:\Users\Chris\Desktop\FRST.txt
2014-12-06 15:05 - 2014-12-06 15:06 - 00000000 ____D () C:\FRST
2014-12-06 15:01 - 2014-12-06 15:01 - 02119168 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2014-12-05 23:10 - 2014-12-06 14:56 - 00002078 _____ () C:\Windows\runSW.log
2014-12-05 23:09 - 2014-12-06 14:55 - 00000168 _____ () C:\Windows\setupact.log
2014-12-05 23:09 - 2014-12-05 23:09 - 00005954 _____ () C:\Windows\PFRO.log
2014-12-05 23:09 - 2014-12-05 23:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-05 23:08 - 2014-12-05 23:08 - 00000000 ____H () C:\asc_rdflag
2014-12-05 14:33 - 2014-12-05 14:33 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashDumps
2014-12-05 11:37 - 2014-12-05 11:38 - 00275616 _____ () C:\Windows\Minidump\120514-35084-01.dmp
2014-12-01 13:37 - 2014-12-01 13:37 - 00116950 _____ () C:\Users\Chris\Desktop\Recent History.txt
2014-12-01 13:22 - 2014-12-01 13:22 - 00019321 _____ () C:\Users\Chris\Desktop\attach.txt
2014-12-01 13:22 - 2014-12-01 13:21 - 00029875 _____ () C:\Users\Chris\Desktop\dds.txt
2014-12-01 13:07 - 2014-12-01 13:08 - 00688992 ____R (Swearware) C:\Users\Chris\Desktop\dds.com
2014-12-01 10:47 - 2014-12-01 10:47 - 00000278 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Chris.job
2014-11-26 06:18 - 2014-11-26 06:18 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security
2014-11-24 19:30 - 2014-11-26 06:11 - 00003216 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-11-24 19:30 - 2014-11-26 06:11 - 00002386 _____ () C:\Users\Public\Desktop\Norton Security.lnk
2014-11-24 19:30 - 2014-11-24 19:30 - 00102616 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-11-24 19:30 - 2014-11-24 19:30 - 00008214 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-11-24 19:30 - 2014-11-24 19:30 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-11-24 19:29 - 2014-11-26 06:13 - 00000000 ____D () C:\Windows\system32\Drivers\NSx64
2014-11-24 19:29 - 2014-11-26 06:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2014-11-24 19:29 - 2014-11-24 19:31 - 00000000 ____D () C:\ProgramData\Norton
2014-11-24 19:29 - 2014-11-24 19:29 - 00000000 ____D () C:\Program Files (x86)\Norton Security
2014-11-24 19:27 - 2014-11-24 19:29 - 115614832 ____N (Symantec Corporation) C:\Users\Chris\Downloads\NS-TW-22.0.0-EN-US.exe
2014-11-24 14:59 - 2014-11-24 14:59 - 00879096 _____ (Microsoft Corporation) C:\Users\Chris\Downloads\NetFxRepairTool.exe
2014-11-24 14:29 - 2014-11-24 14:29 - 00275560 _____ () C:\Windows\Minidump\112414-36441-01.dmp
2014-11-24 09:53 - 2014-12-05 11:37 - 946455841 _____ () C:\Windows\MEMORY.DMP
2014-11-24 09:53 - 2014-11-24 09:53 - 00275560 _____ () C:\Windows\Minidump\112414-33930-01.dmp
2014-11-22 19:11 - 2014-11-22 19:13 - 00000000 ____D () C:\Users\Chris\Desktop\hurbleduh
2014-11-21 11:52 - 2014-11-21 11:52 - 00001954 _____ () C:\Users\Public\Desktop\DROD 2 - Journey to Rooted Hold.lnk
2014-11-21 11:52 - 2014-11-21 11:52 - 00001927 _____ () C:\Users\Public\Desktop\DROD 1 - King Dugans Dungeon.lnk
2014-11-21 11:52 - 2014-11-21 11:52 - 00001900 _____ () C:\Users\Public\Desktop\DROD 3 - The City Beneath.lnk
2014-11-21 11:34 - 2014-11-21 11:48 - 214610320 _____ (GOG.com ) C:\Users\Chris\Desktop\setup_drod123_2.0.0.3.exe
2014-11-19 16:36 - 2014-11-19 16:36 - 02472136 _____ (Ralink Technology, Corp.) C:\Windows\system32\Drivers\netr28x.sys
2014-11-19 16:36 - 2014-11-19 16:36 - 00332080 _____ (Ralink Technology, Inc.) C:\Windows\system32\RaCoInstx.dll
2014-11-19 16:36 - 2014-11-19 16:36 - 00013973 _____ () C:\Windows\system32\RaCoInst.dat
2014-11-19 16:35 - 2014-11-19 16:35 - 00941784 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-11-19 16:35 - 2014-11-19 16:35 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 60636160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-11-19 16:32 - 2014-11-19 16:32 - 28343384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 14863448 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 12894808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2014-11-19 16:32 - 2014-11-19 16:32 - 05751048 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-11-19 16:32 - 2014-11-19 16:32 - 03959384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 02117424 _____ () C:\Windows\system32\SStudio.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-11-19 16:32 - 2014-11-19 16:32 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 01934424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 01317976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 01168472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-11-19 16:32 - 2014-11-19 16:32 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 01048824 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00956504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00900696 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00889592 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00291488 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00246008 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00033592 _____ () C:\Windows\system32\audioLibVc.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 33867264 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 28770304 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 27918336 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 23375360 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 16750080 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-11-19 16:28 - 2014-11-19 16:28 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 09254184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 07207592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 07028336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 05639168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 04480000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-11-19 16:28 - 2014-11-19 16:28 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2014-11-19 16:28 - 2014-11-19 16:28 - 01113576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00900608 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00827392 _____ (AMD) C:\Windows\system32\coinst_14.30.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00759301 _____ () C:\Windows\system32\amdicdxx.dat
2014-11-19 16:28 - 2014-11-19 16:28 - 00734861 _____ () C:\Windows\system32\atiicdxx.dat
2014-11-19 16:28 - 2014-11-19 16:28 - 00609272 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-11-19 16:28 - 2014-11-19 16:28 - 00609272 _____ () C:\Windows\system32\atiapfxx.blb
2014-11-19 16:28 - 2014-11-19 16:28 - 00576000 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-11-19 16:28 - 2014-11-19 16:28 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-11-19 16:28 - 2014-11-19 16:28 - 00322868 _____ () C:\Windows\system32\ativvaxy_vi.dat
2014-11-19 16:28 - 2014-11-19 16:28 - 00321200 _____ () C:\Windows\system32\ativvaxy_vi_nd.dat
2014-11-19 16:28 - 2014-11-19 16:28 - 00293088 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-11-19 16:28 - 2014-11-19 16:28 - 00290080 _____ () C:\Windows\system32\ativvaxy_cz_nd.dat
2014-11-19 16:28 - 2014-11-19 16:28 - 00235008 _____ () C:\Windows\system32\clinfo.exe
2014-11-19 16:28 - 2014-11-19 16:28 - 00234164 _____ () C:\Windows\system32\ativvaxy_cik.dat
2014-11-19 16:28 - 2014-11-19 16:28 - 00232752 _____ () C:\Windows\system32\ativvaxy_cik_nd.dat
2014-11-19 16:28 - 2014-11-19 16:28 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00158928 _____ () C:\Windows\system32\ativce03.dat
2014-11-19 16:28 - 2014-11-19 16:28 - 00157224 _____ () C:\Windows\system32\amde31a.dat
2014-11-19 16:28 - 2014-11-19 16:28 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00140240 _____ () C:\Windows\system32\samu_krnl_ci.sbin
2014-11-19 16:28 - 2014-11-19 16:28 - 00138832 _____ () C:\Windows\system32\samu_krnl_isv_ci.sbin
2014-11-19 16:28 - 2014-11-19 16:28 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00118096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00095744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00082128 _____ () C:\Windows\system32\ativce02.dat
2014-11-19 16:28 - 2014-11-19 16:28 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00046128 _____ () C:\Windows\system32\kapp_ci.sbin
2014-11-19 16:28 - 2014-11-19 16:28 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00041936 _____ () C:\Windows\system32\kapp_si.sbin
2014-11-19 16:28 - 2014-11-19 16:28 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-11-19 16:28 - 2014-11-19 16:28 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-11-19 16:26 - 2014-11-19 16:26 - 00110080 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2014-11-19 16:26 - 2014-11-19 16:26 - 00094720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2014-11-19 16:24 - 2014-11-19 16:24 - 00011944 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\Drivers\amdide64.sys
2014-11-19 16:17 - 2014-11-19 16:17 - 00002854 _____ () C:\Windows\System32\Tasks\ASC8_SkipUac_Chris
2014-11-19 16:05 - 2014-11-19 16:05 - 00002892 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Chris
2014-11-19 16:05 - 2014-11-19 16:05 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-11-19 16:04 - 2014-12-05 13:43 - 00002109 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2014-11-19 16:04 - 2014-11-19 16:06 - 00001156 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-11-19 16:04 - 2014-11-19 16:04 - 00003170 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-11-19 16:04 - 2014-11-19 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2014-11-19 16:04 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2014-11-19 16:03 - 2014-11-25 06:28 - 00002072 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2014-11-19 16:03 - 2014-11-19 16:03 - 00003164 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-11-19 16:03 - 2014-11-19 16:03 - 00001098 _____ () C:\Users\Public\Desktop\Smart Defrag 3.lnk
2014-11-19 16:03 - 2014-11-19 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2014-11-19 05:11 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 05:11 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 05:11 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 05:11 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 19:57 - 2014-11-24 14:43 - 00000000 ____D () C:\ProgramData\AVG2015
2014-11-18 19:57 - 2014-11-18 19:57 - 00000000 ____D () C:\Users\Chris\AppData\Local\Avg
2014-11-18 19:55 - 2014-11-18 19:55 - 00000000 ____D () C:\Users\Chris\AppData\Local\Avg2015
2014-11-18 19:51 - 2014-11-18 19:54 - 178118832 _____ (AVG Technologies) C:\Users\Chris\Desktop\avg_isct_x64_all_2015_5577a8546.exe
2014-11-13 15:02 - 2014-11-24 17:48 - 00057430 _____ () C:\Windows\SysWOW64\bddel.dat
2014-11-12 09:53 - 2014-11-12 09:54 - 00560976 _____ (Safer-Networking Ltd. ) C:\Users\Chris\Desktop\spybot2-license.exe
2014-11-12 09:48 - 2014-11-12 09:48 - 00000000 ____D () C:\Users\Chris\Documents\ProcAlyzer Dumps
2014-11-12 00:16 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 00:16 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 00:16 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 00:16 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 00:16 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 00:16 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 00:16 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 00:16 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 00:16 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 00:16 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 00:16 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 00:16 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 00:16 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 00:16 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 00:16 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 00:16 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 00:16 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 00:16 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 00:16 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 00:16 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 00:16 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 00:16 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 00:16 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 00:16 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 00:16 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 00:16 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 00:16 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 00:16 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 00:16 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 00:16 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 00:16 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 00:16 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 00:16 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 00:16 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 00:16 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 00:16 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 00:16 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 00:16 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 00:16 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 00:16 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 00:16 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 00:16 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 00:16 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 00:16 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 00:16 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 00:16 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 00:16 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 00:16 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 00:16 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 00:16 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 00:16 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 00:16 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 00:16 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 00:16 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 00:16 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 00:16 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 00:04 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 00:04 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 00:04 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 00:04 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 00:04 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 00:04 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 00:04 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 00:04 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 00:04 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 00:04 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 00:04 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 00:04 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 23:59 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 23:59 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 23:59 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 23:59 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 23:59 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 23:59 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 23:59 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 23:59 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 23:59 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 23:59 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 23:59 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 23:59 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 23:59 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 23:59 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 23:59 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 23:59 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 23:59 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 23:59 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 23:59 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 23:59 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 23:59 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 23:59 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 23:59 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 23:59 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 23:59 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 23:59 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 23:58 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 23:58 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 23:57 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 23:57 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 23:56 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 23:55 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 23:55 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 23:53 - 2014-11-12 00:02 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-11-10 22:55 - 2009-06-10 15:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141110-225543.backup
2014-11-10 08:39 - 2014-11-10 08:40 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Chris\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-09 22:09 - 2014-11-09 23:40 - 00005165 _____ () C:\Windows\wininit.ini
2014-11-09 14:05 - 2014-11-09 14:05 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-11-09 14:04 - 2014-11-20 13:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-09 14:04 - 2014-11-12 10:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-09 14:04 - 2014-11-09 14:04 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-09 14:04 - 2014-11-09 14:04 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-09 14:04 - 2014-11-09 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-09 14:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-09 13:50 - 2014-11-09 14:02 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Chris\Desktop\spybot-2.4.exe
2014-11-09 12:38 - 2014-11-09 12:38 - 00000000 _____ () C:\autoexec.bat
2014-11-09 12:37 - 2014-11-09 12:37 - 00003326 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-11-09 12:34 - 2014-11-09 12:34 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Chris\Desktop\SpyHunter-Installer.exe
2014-11-09 01:10 - 2014-12-06 14:56 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-11-08 22:35 - 2014-11-08 22:36 - 32601272 _____ (Microsoft Corporation) C:\Users\Chris\Desktop\Windows-KB890830-x64-V5.17.exe
2014-11-08 22:26 - 2014-11-11 23:54 - 00000256 ____H () C:\ProgramData\@system3.att
2014-11-08 22:26 - 2014-11-11 23:53 - 00000520 _____ () C:\ProgramData\@system.temp
2014-11-08 22:25 - 2014-11-16 02:48 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\FrameworkUpdate7
2014-11-08 22:25 - 2014-11-08 22:25 - 00000448 ____H () C:\Users\Chris\AppData\Roaming\麽鎒駓覜
2014-11-08 15:57 - 2014-12-01 10:13 - 00000000 ____D () C:\Users\Chris\Desktop\registry backup
2014-11-08 13:55 - 2014-11-13 15:41 - 00000000 ____D () C:\Users\Chris\AppData\Local\Onmics
2014-11-08 13:42 - 2014-11-08 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-11-08 13:41 - 2014-11-13 15:50 - 00000000 ____D () C:\Users\Chris\AppData\Local\Onptics
2014-11-08 13:41 - 2014-11-08 13:42 - 32809520 _____ (IObit ) C:\Users\Chris\Desktop\IObit-Malware-Fighter-Setup.exe
2014-11-08 00:08 - 2014-11-08 04:40 - 00000904 _____ () C:\Users\Chris\Desktop\New Text Document.txt
2014-11-06 23:50 - 2014-11-06 23:50 - 00000000 ____D () C:\ProgramData\Avg_Update_1114tb
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-06 15:14 - 2013-10-10 10:34 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-06 15:07 - 2009-07-13 22:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-06 15:07 - 2009-07-13 22:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-06 14:59 - 2014-04-11 06:45 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-12-06 14:57 - 2013-10-10 10:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-06 14:55 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-06 07:00 - 2013-10-11 07:21 - 00000000 ____D () C:\Users\Chris\AppData\Local\Adobe
2014-12-05 23:36 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-05 23:08 - 2014-03-30 06:23 - 86245376 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-12-05 23:08 - 2014-03-30 06:23 - 05013504 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-12-05 23:08 - 2014-03-30 06:23 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-12-05 23:08 - 2014-03-30 06:23 - 00024576 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-12-05 23:08 - 2013-10-10 20:17 - 00000000 ____D () C:\Users\Chris
2014-12-05 11:37 - 2013-11-05 19:59 - 00000000 ____D () C:\Windows\Minidump
2014-12-04 13:59 - 2013-10-10 20:17 - 01658631 _____ () C:\Windows\WindowsUpdate.log
2014-12-04 09:09 - 2014-03-29 08:21 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-04 01:05 - 2013-11-17 20:07 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\uTorrent
2014-12-01 10:48 - 2013-11-03 17:23 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-11-27 23:24 - 2009-07-13 23:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-27 14:52 - 2013-10-24 13:55 - 00000000 ____D () C:\Users\Chris\AppData\Local\Battle.net
2014-11-27 12:46 - 2013-10-24 13:55 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-11-27 10:04 - 2013-12-26 12:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-26 16:46 - 2014-05-29 08:24 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\ProductData
2014-11-26 06:24 - 2013-10-10 10:39 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-24 18:56 - 2013-11-03 17:01 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-11-24 14:40 - 2013-11-03 16:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-23 13:54 - 2013-10-24 13:56 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-11-22 21:07 - 2014-04-12 05:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-21 11:52 - 2013-10-11 07:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-11-21 11:52 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-21 11:51 - 2013-10-11 07:05 - 00000000 ____D () C:\GOG Games
2014-11-20 11:34 - 2014-04-12 05:54 - 00000000 ___HD () C:\$AVG
2014-11-20 11:34 - 2014-04-12 05:54 - 00000000 ____D () C:\ProgramData\AVG2014
2014-11-20 11:29 - 2013-10-10 10:21 - 00000000 ____D () C:\ProgramData\IObit
2014-11-19 16:38 - 2014-03-13 19:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-19 16:36 - 2013-10-10 10:08 - 00005499 _____ () C:\Windows\system32\RaCoInst.log
2014-11-19 16:35 - 2013-10-10 08:35 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-11-19 16:34 - 2013-10-10 08:34 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-11-19 16:28 - 2013-08-30 18:14 - 00144328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2014-11-19 16:28 - 2013-08-30 18:13 - 10826488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2014-11-19 16:28 - 2013-08-30 18:13 - 08296296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-11-19 16:28 - 2013-08-30 18:13 - 08044976 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-11-19 16:28 - 2013-08-30 18:13 - 01335544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2014-11-19 16:28 - 2013-08-30 18:13 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-11-19 16:28 - 2013-08-30 16:59 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-11-19 16:28 - 2013-08-30 16:58 - 00619008 _____ (AMD) C:\Windows\system32\atieclxx.exe
2014-11-19 16:28 - 2013-08-30 16:57 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2014-11-19 16:28 - 2013-08-30 16:33 - 01210880 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2014-11-19 16:05 - 2013-10-10 10:21 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\IObit
2014-11-19 16:05 - 2013-10-10 10:21 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-11-19 16:03 - 2014-04-11 06:45 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-11-19 16:03 - 2014-04-11 06:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
2014-11-19 15:35 - 2014-03-04 08:56 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-14 09:08 - 2013-10-10 10:34 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 09:08 - 2013-10-10 10:34 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 20:36 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 10:09 - 2009-07-13 22:45 - 04938200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 10:06 - 2014-04-25 09:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 10:03 - 2013-10-10 08:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 09:57 - 2013-10-10 08:59 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 00:01 - 2009-07-13 20:34 - 00001497 __RSH () C:\Windows\system32\Drivers\etc\hosts.20141119-003050.backup
2014-11-08 13:42 - 2014-07-01 19:51 - 00001173 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-11-08 10:36 - 2014-06-05 12:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-08 04:40 - 2013-11-27 19:45 - 00001582 _____ () C:\Windows\System32\Tasks\Amazon Music Helper
2014-11-06 23:50 - 2014-08-26 08:53 - 00000000 ____D () C:\Program Files (x86)\AVG Security Toolbar
2014-11-06 23:22 - 2014-04-18 21:35 - 00000000 ____D () C:\Users\Chris\Documents\NCSOFT
2014-11-06 23:22 - 2014-04-12 14:26 - 00000000 ____D () C:\Users\Chris\AppData\Local\NCSOFT
2014-11-06 23:20 - 2013-10-10 08:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-29 15:52
 
==================== End Of Log ============================
 
---
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2014 02
Ran by Chris at 2014-12-06 15:14:23
Running from C:\Users\Chris\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: Norton Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: Norton Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
//N.P.P.D.RUSH// - The milk of Ultra violet (HKLM-x32\...\Steam App 270090) (Version:  - Rail Slave Games)
µTorrent (HKU\S-1-5-21-2169360837-1742251912-862815689-1000\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
123 AVI to GIF Converter 4.0 (HKLM-x32\...\{029DE794-21C8-499E-B9E7-B965AAAC2187}_is1) (Version:  - Bitsoft.net Development)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.15.58233 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.15.58233 - ABBYY) Hidden
ACID Music Studio 10.0 (HKLM-x32\...\{0417C9E1-CBD4-11E3-A786-F04DA23A5C58}) (Version: 10.0.108 - Sony)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Adventures of Shuggy (HKLM-x32\...\Steam App 211440) (Version:  - Smudged Cat Games Ltd)
Aerena (HKLM-x32\...\Steam App 247830) (Version:  - Cliffhanger Productions)
Akane the Kunoichi (HKLM-x32\...\Steam App 291130) (Version:  - Haruneko Entertainment)
Aliens vs Predator Classic 2000 (HKLM-x32\...\1207665883_is1) (Version: 2.0.0.21 - GOG.com)
Amazon Music (HKU\S-1-5-21-2169360837-1742251912-862815689-1000\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden
AMD Catalyst Install Manager (HKLM\...\{1E9871B6-7C44-9A3A-A1C0-F9729663C7F5}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Amnesia: A Machine for Pigs (HKLM-x32\...\Steam App 239200) (Version:  - The Chinese Room)
Another World (HKLM-x32\...\Steam App 233550) (Version:  - Eric Chahi)
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
Audiosurf 2 (HKLM-x32\...\Steam App 235800) (Version:  - Dylan Fitterer)
AVG 2014 (Version: 14.0.4189 - AVG Technologies) Hidden
Bardbarian (HKLM-x32\...\Steam App 269490) (Version:  - TreeFortress Games)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
Beatbuddy: Tale of the Guardians (HKLM-x32\...\Steam App 231040) (Version:  - Threaks)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Blade Symphony (HKLM-x32\...\Steam App 225600) (Version:  - Puny Human Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Broken Age (HKLM-x32\...\Steam App 232790) (Version:  - Double Fine Productions)
Cloudbuilt (HKLM-x32\...\Steam App 262390) (Version:  - Coilworks)
ComicRack v0.9.172 (HKLM\...\ComicRack) (Version: v0.9.172 - cYo Soft)
Cook, Serve, Delicious! (HKLM-x32\...\Steam App 247020) (Version:  - Vertigo Gaming)
Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version:  - )
Curse Client (HKU\S-1-5-21-2169360837-1742251912-862815689-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
Dark Shadows - Army of Evil (HKLM-x32\...\Steam App 280640) (Version:  - Burian Media Enterprises)
Dead Bits (HKLM-x32\...\Steam App 303390) (Version:  - Microblast Games)
Dead Rising 2: Off the Record (HKLM-x32\...\Steam App 45770) (Version:  - Capcom Vancouver)
Deadly Premonition: The Director's Cut (HKLM-x32\...\Steam App 247660) (Version:  - Rising Star Games)
Delver (HKLM-x32\...\Steam App 249630) (Version:  - Chad Alan Cuddigan)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
Desura: Eryi's Action (HKLM-x32\...\Desura_81192061763616) (Version: Full - Nyu Media)
Desura: Wyv and Keep (HKLM-x32\...\Desura_60967060766752) (Version: Full - a jolly corpse)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Download Navigator (HKLM-x32\...\{3A3A3B34-6EA2-4031-8580-D66D29533E89}) (Version: 3.4.0 - SEIKO EPSON CORPORATION)
Driver Booster 2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.0 - IObit)
DROD 1+2+3 (HKLM-x32\...\GOGPACKDROD123_is1) (Version: 2.0.0.3 - GOG.com)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
Flixster (HKU\S-1-5-21-2169360837-1742251912-862815689-1000\...\57554551bac4f5b1) (Version: 2.1.0.282 - Flixster)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Galaxy Client (HKLM-x32\...\{D6D1DA54-531F-4FA0-B683-CE66ACE3543F}_is1) (Version: 0.1.0.456 - GOG.com)
Gears of War for Windows (HKLM-x32\...\GFWL_{4D530842-77D5-42F3-BAD3-A2100D0D8400}) (Version: 1.0.3341.132 - Microsoft Game Studios)
Gears of War for Windows (x32 Version: 1.0.3341.132 - Microsoft Game Studios) Hidden
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
Humanity Asset (HKLM-x32\...\Steam App 271640) (Version:  - Browny Application)
Iesabel (HKLM-x32\...\Steam App 248710) (Version:  - )
Into the Dark (HKLM-x32\...\Steam App 266050) (Version:  - Homegrown Games)
IObit Apps Toolbar v10.0 (HKLM-x32\...\{43CA6533-3E0C-4B89-A99F-631242F3CCF3}) (Version: 10.0 - Spigot, Inc.) <==== ATTENTION
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.5 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.24 - IObit)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jack Lumber (HKLM-x32\...\Steam App 220900) (Version:  - Owlchemy Labs)
Jazzpunk (HKLM-x32\...\Steam App 250260) (Version:  - Necrophone Games)
Kairo (HKLM-x32\...\Steam App 233230) (Version:  - Richard Perrin)
KAMI (HKLM-x32\...\Steam App 272040) (Version:  - State of Play Games)
Kill Fun Yeah (HKLM-x32\...\Steam App 301360) (Version:  - Arctic Anteater)
K-Lite Codec Pack 6.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.2.0 - )
Linksys Dual Band Wireless-AC USB Adapter (HKLM-x32\...\{C094F1A2-5EDF-4550-AE67-5FC1F4D2186F}) (Version: 1.0.0.12 - Linksys LLC)
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
LYNE (HKLM-x32\...\Steam App 266010) (Version:  - Thomas Bowker)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Master Reboot (HKLM-x32\...\Steam App 251850) (Version:  - Wales Interactive)
Media Watch (HKLM-x32\...\MediaWatchV1home6635) (Version: 1.1 - Media Watch) <==== ATTENTION
Megabyte Punch (HKLM-x32\...\Steam App 248550) (Version:  - Reptile Games)
Mercenary Kings (HKLM-x32\...\Steam App 218820) (Version:  - Tribute Games Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2169360837-1742251912-862815689-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Word 2013 - en-us (HKLM\...\WordRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
Mr. Bree+ (HKLM-x32\...\Steam App 264220) (Version:  - TawStudio Entertainment)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3 - MusicBrainz)
My Game Long Name (HKLM\...\UDK-84c4f9dc-094c-402f-b6e1-a8686f079aef) (Version:  - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-a06a6798-d9e3-437d-af07-e91481f190e1) (Version:  - Epic Games, Inc.)
NETGEAR A6200 Genie (HKLM-x32\...\{48E61F3E-61D4-42A3-9D29-D0CF40838779}) (Version: 26.0.0.0 - NETGEAR)
Nidhogg (HKLM-x32\...\Steam App 94400) (Version:  - Messhof)
Nightmares from the Deep: The Cursed Heart (HKLM-x32\...\Steam App 259740) (Version:  - Artifex Mundi sp. z o.o.)
Nihilumbra (HKLM-x32\...\Steam App 252670) (Version:  - Beautifun Games)
Norton Security (HKLM-x32\...\NS) (Version: 22.0.2.17 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Oknytt (HKLM-x32\...\Steam App 286320) (Version:  - Nemoria Entertainment)
One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version:  - Silver Dollar Games)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
PixelJunk™ Shooter (HKLM-x32\...\Steam App 255870) (Version:  - )
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Probably Archery (HKLM-x32\...\Steam App 263420) (Version:  - South East Games)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Red Faction: Guerrilla (HKLM-x32\...\GFWL_{54510837-8D99-4877-8C7A-031000008200}) (Version: 1.0.0000.130 - THQ)
Red Faction: Guerrilla (x32 Version: 1.0.0000.130 - THQ) Hidden
Red Faction: Guerrilla (x32 Version: 1.0.0003.130 - THQ) Hidden
redist (HKLM-x32\...\{153C7D89-9CF4-4719-A551-C5BF45236DB5}) (Version: 1.0.0.0 - redist)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - Enterbrain)
S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version:  - GSC Game World)
Search Protection (HKU\S-1-5-21-2169360837-1742251912-862815689-1000\...\Search Protection) (Version: 10.1.0.2 - Spigot, Inc.) <==== ATTENTION
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )
Shadow Man (HKLM-x32\...\Steam App 251770) (Version:  - Acclaim Studios Teeside)
Shufflepuck Cantina Deluxe (HKLM-x32\...\Steam App 259510) (Version:  - Agharta Studio)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
Space Quest Collection (HKLM-x32\...\Steam App 10110) (Version:  - Activision)
Space Quest Collection™ (2006) DOSBox Patch  (HKLM-x32\...\Space Quest Collection™ (2006) DOSBox Patch) (Version:  - SHP)
Sparkle 2 Evo (HKLM-x32\...\Steam App 253650) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Trek Online (HKLM-x32\...\Steam App 9900) (Version:  - Cryptic Studios)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.29 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
StepMania v5.0 beta 2a (remove only) (HKLM-x32\...\StepMania 5) (Version:  - StepMania Team)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Consuming Shadow (HKU\S-1-5-21-2169360837-1742251912-862815689-1000\...\The Consuming Shadow) (Version:  - )
The Incredible Adventures of Van Helsing (HKLM-x32\...\Steam App 215530) (Version:  - NeocoreGames)
The Lord of the Rings Online™ (HKLM-x32\...\Steam App 212500) (Version:  - Turbine, Inc.)
The Sun at Night (HKLM-x32\...\Steam App 314570) (Version:  - Minicore Studios)
The Typing of The Dead: Overkill (HKLM-x32\...\Steam App 246580) (Version:  - Modern Dream)
Tiny Barbarian DX (HKLM-x32\...\Steam App 253350) (Version:  - StarQuail Games)
Toki Tori 2+ (HKLM-x32\...\Steam App 201420) (Version:  - Two Tribes)
Unepic (HKLM-x32\...\Steam App 233980) (Version:  - Francisco Téllez de Meneses)
Unity Web Player (HKU\S-1-5-21-2169360837-1742251912-862815689-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unreal Tournament 2004 (HKLM-x32\...\Steam App 13230) (Version:  - Epic Games, Inc.)
Valdis Story: Abyssal City (HKLM-x32\...\Steam App 252030) (Version:  - )
Virtua Tennis 4 (HKLM-x32\...\Steam App 71390) (Version:  - SEGA)
Virtua Tennis 4 (x32 Version: 1.0.0001.130 - Sega) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2169360837-1742251912-862815689-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wizorb (HKLM-x32\...\Steam App 207420) (Version:  - Tribute Games)
Woodle Tree Adventures (HKLM-x32\...\Steam App 299460) (Version:  - Fabio Ferrara)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
ZMR (HKLM-x32\...\{EF14889D-3ECF-4289-91AC-4236CD983CA3}) (Version: 1.0.4.0000 - En Masse Entertainment)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2169360837-1742251912-862815689-1000_Classes\CLSID\{1cc07321-6f07-4d1f-93b1-afb274f32565}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2169360837-1742251912-862815689-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2169360837-1742251912-862815689-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2169360837-1742251912-862815689-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2169360837-1742251912-862815689-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2169360837-1742251912-862815689-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2169360837-1742251912-862815689-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
23-11-2014 03:07:53 Windows Modules Installer
24-11-2014 20:40:42 Installed AVG 2015
24-11-2014 20:41:37 Installed AVG 2015
24-11-2014 20:45:11 Removed AVG 2015
24-11-2014 20:45:26 Installed AVG 2014
01-12-2014 22:01:26 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2014-11-12 00:01 - 00001497 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
192.95.55.228 www.google-analytics.com.
192.95.55.228 google-analytics.com.
192.95.55.228 connect.facebook.net.
85.25.107.66 www.google-analytics.com.
85.25.107.66 google-analytics.com.
85.25.107.66 connect.facebook.net.
146.0.75.24 www.google-analytics.com.
146.0.75.24 google-analytics.com.
146.0.75.24 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00A32950-27F9-4D71-A776-963655394893} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {01D6161F-AB0C-400B-972E-3D7196AECEEB} - System32\Tasks\Uninstaller_SkipUac_Chris => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-04] (IObit)
Task: {03D1A2BE-399C-464A-8EC5-B6B044F50565} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {061F267A-D6BE-4902-B01C-3849644BA3EE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {1111356B-E90E-4517-B937-30303BFF9A95} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {27FCD3AC-C786-468F-A0DF-2D5308DF34C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10] (Google Inc.)
Task: {2B6CDAC1-B6B9-44F7-A0F2-66D335733BC9} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-10-28] (IObit)
Task: {2BD98CB7-0BDD-4D06-9510-000690037FD4} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.0.2.17\SymErr.exe [2014-09-08] (Symantec Corporation)
Task: {2C171B58-1623-4AD5-9791-29BD9ECF68C1} - System32\Tasks\ASC8_SkipUac_Chris => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2014-11-17] (IObit)
Task: {37FAF1EF-36F2-4CEE-A4DD-AFD85D406EF0} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {3887552F-5E05-44EA-B3EA-58187C4B7F1A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {3A1EDA33-279B-4ADA-B872-09DB591F9A2F} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-10-08] (IObit)
Task: {3B9D2F49-54EB-4E2C-9D74-85EA66A78137} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.0.2.17\SymErr.exe [2014-09-08] (Symantec Corporation)
Task: {3FF75C43-9C28-4FB2-9992-8CFF29B557E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10] (Google Inc.)
Task: {4565DF84-6EE4-4A8F-982E-8605CA80B090} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {4C4B50A6-956C-43BD-B3EA-D0DDD3BFDC29} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {4D88CB3F-9F45-4FA9-BBC3-4E90CFFF0CA4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {538930CD-0970-4835-8FD3-F38EA474F7D9} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {63F8D86A-B26C-4648-B5A2-53C22F8C8BEF} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {850FBB08-8906-483D-96C7-A6398861518E} - System32\Tasks\Amazon Music Helper => C:\Users\Chris\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-10-14] ()
Task: {85C81084-2907-4A66-AEF0-BE4E52D00E82} - System32\Tasks\AdobeAAMUpdater-1.0-Chris-PC-Chris => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {8CA0FB14-7F36-494B-8711-572467127B42} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-04] (IObit)
Task: {9855A3A6-A6E6-492B-B2FC-D597B59C21DE} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-10-13] (IObit)
Task: {A693361F-E889-4462-9253-0DA47767F48B} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {B29FD039-3296-4D52-AF7C-3C9790195C1F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {B7BBA6DE-44D8-48AB-B298-2CED1EB98E5D} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.0.2.17\WSCStub.exe [2014-10-15] (Symantec Corporation)
Task: {C30B53AE-BA45-4A76-8EF4-8B61BAAD3E23} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-03] (IObit)
Task: {CB70FD4A-8290-4EFA-93B0-997E993E6044} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {CB859EC7-04A5-43B1-969D-976B7795DAB5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {D7AFAE7E-5338-4393-A952-194DC869820F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {E8238265-5603-48A3-B525-8E9A8F2F5157} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Chris.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-30 18:47 - 2013-08-30 18:47 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-22 13:41 - 2012-10-22 13:41 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-22 13:42 - 2012-10-22 13:42 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-08-30 18:47 - 2013-08-30 18:47 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-11-19 15:13 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-04 08:56 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-11-29 12:30 - 2012-09-20 10:00 - 00036864 _____ () C:\Windows\runSW.exe
2014-08-31 00:20 - 2014-10-14 23:35 - 06281024 _____ () C:\Users\Chris\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-06-06 09:57 - 2012-09-24 16:28 - 00029984 _____ () C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
2013-11-29 12:30 - 2013-06-12 20:11 - 00303952 _____ () C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe
2014-11-19 16:04 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2013-10-10 08:36 - 2009-03-19 21:35 - 00208896 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
2013-10-10 08:36 - 2009-03-19 21:35 - 00008704 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
2013-10-10 08:36 - 2009-01-15 13:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
2013-10-10 08:36 - 2009-03-25 15:53 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-06 09:57 - 2013-02-18 15:13 - 00106496 _____ () C:\Program Files (x86)\NETGEAR\A6200\GWlanController.dll
2014-06-06 09:57 - 2013-03-26 16:00 - 00018944 _____ () C:\Program Files (x86)\NETGEAR\A6200\GWPSController.dll
2014-11-09 14:04 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-09 14:04 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-09 14:04 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-26 06:24 - 2014-11-25 00:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-26 06:24 - 2014-11-25 00:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-26 06:24 - 2014-11-25 00:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-26 06:24 - 2014-11-25 00:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2013-11-29 12:30 - 2013-06-05 19:52 - 00446464 _____ () C:\Program Files (x86)\Linksys WUSB6300\WifiLib.dll
2014-11-19 16:05 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2014-11-19 16:05 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2014-11-19 16:05 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2014-04-11 06:44 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2014-04-11 06:44 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2014-04-11 06:44 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2014-04-11 06:44 - 2013-12-12 18:46 - 08001344 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll
2014-04-11 06:44 - 2013-05-16 19:26 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2014-04-11 06:44 - 2013-10-16 22:17 - 00185168 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\libcurl-4.dll
2014-04-11 06:44 - 2013-05-16 19:26 - 00145216 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2014-11-09 14:04 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-09 14:04 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2169360837-1742251912-862815689-500 - Administrator - Disabled)
Chris (S-1-5-21-2169360837-1742251912-862815689-1000 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-2169360837-1742251912-862815689-501 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Linksys WMP600N Wireless-N PCI Adapter with Dual-Band
Description: Linksys WMP600N Wireless-N PCI Adapter with Dual-Band
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Linksys,a division of Cisco Systems,Inc.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/06/2014 07:04:57 AM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (12/06/2014 07:04:57 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (12/06/2014 07:04:57 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (12/05/2014 02:33:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IMF.exe, version: 2.5.0.8, time stamp: 0x54390517
Faulting module name: unrar.dll, version: 4.0.2.329, time stamp: 0x4cef5f22
Exception code: 0xc0000409
Fault offset: 0x0000a4e4
Faulting process id: 0x5d0
Faulting application start time: 0xIMF.exe0
Faulting application path: IMF.exe1
Faulting module path: IMF.exe2
Report Id: IMF.exe3
 
Error: (12/04/2014 11:41:50 PM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (12/04/2014 11:41:50 PM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (12/04/2014 01:05:31 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The interface is unknown
 
Error: (12/04/2014 01:05:31 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (12/03/2014 10:23:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program snes9x-x64.exe version 1.5.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3100
 
Start Time: 01d00f795f23548e
 
Termination Time: 15
 
Application Path: C:\Users\Chris\Desktop\bsnes_v087-64bit\snes9x-1.53-x64\snes9x-x64.exe
 
Report Id: 361b58c2-7b6d-11e4-b442-60a44cab7ebd
 
Error: (11/30/2014 06:35:59 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
 
System errors:
=============
Error: (12/06/2014 02:57:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Avgldx64
 
Error: (12/06/2014 02:57:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (12/06/2014 02:57:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (12/06/2014 02:56:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG WatchDog service failed to start due to the following error: 
%%3
 
Error: (12/06/2014 02:56:11 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.
 
Error: (12/06/2014 02:55:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (12/06/2014 06:48:39 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Avgldx64
 
Error: (12/06/2014 06:47:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG WatchDog service failed to start due to the following error: 
%%3
 
Error: (12/06/2014 06:47:54 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.
 
Error: (12/06/2014 06:47:39 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
 
Microsoft Office Sessions:
=========================
Error: (12/06/2014 07:04:57 AM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (12/06/2014 07:04:57 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (12/06/2014 07:04:57 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (12/05/2014 02:33:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IMF.exe2.5.0.854390517unrar.dll4.0.2.3294cef5f22c00004090000a4e45d001d010c4a4886b8aC:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exeC:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll00249623-7cbe-11e4-8924-b31086393141
 
Error: (12/04/2014 11:41:50 PM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (12/04/2014 11:41:50 PM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (12/04/2014 01:05:31 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The interface is unknown
 
Error: (12/04/2014 01:05:31 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (12/03/2014 10:23:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: snes9x-x64.exe1.5.3.0310001d00f795f23548e15C:\Users\Chris\Desktop\bsnes_v087-64bit\snes9x-1.53-x64\snes9x-x64.exe361b58c2-7b6d-11e4-b442-60a44cab7ebd
 
Error: (11/30/2014 06:35:59 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-06 15:12:28.970
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-06 15:05:07.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-06 07:00:34.983
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-05 23:43:05.578
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-05 23:36:43.385
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-05 10:32:22.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-05 10:19:24.812
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-05 08:32:43.970
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-04 23:28:19.472
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-04 23:13:25.528
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-4100 Quad-Core Processor 
Percentage of memory in use: 33%
Total physical RAM: 8174.12 MB
Available physical RAM: 5466.93 MB
Total Pagefile: 16346.41 MB
Available Pagefile: 13312.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:698.54 GB) (Free:409.05 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:2794.39 GB) (Free:1988.6 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 29D8BEAC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 2794.5 GB) (Disk ID: 5981E339)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 shelf life

shelf life

  • Malware Response Team
  • 2,682 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:02:21 PM

Posted 07 December 2014 - 09:38 AM

hi,

 

Ok we will use FRST then get two downloads to use.

 

 Open notepad

 Please copy and paste the contents of what's in between the lines below (don't paste in the lines themselves) into notepad and save it to your desktop as fixlist.txt

 

Next. Launch FRST like you did before and this time press the Fix button just once and wait, the program will automatically launch fixlist.txt.
The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply. If prompted reboot machine.

-------------------------------------------------------------------------

 

HKU\S-1-5-21-2169360837-1742251912-862815689-1000\...\MountPoints2: {5dc21546-3233-11e3-8dd1-806e6f6e6963} - D:\SETUP.exe
HKU\S-1-5-21-2169360837-1742251912-862815689-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2425632 2014-11-17] (IObit)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Task: {538930CD-0970-4835-8FD3-F38EA474F7D9} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {63F8D86A-B26C-4648-B5A2-53C22F8C8BEF} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
URLSearchHook: HKU\S-1-5-21-2169360837-1742251912-862815689-1000 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE64.dll (Spigot, Inc.)
URLSearchHook: HKU\S-1-5-21-2169360837-1742251912-862815689-1000 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE.dll (Spigot, Inc.)
Hosts:
EmptyTemp:
-------------------------------------------------------------------------------
 
Next:
 
Download Minitoolbox to your desktop. Double-click the icon.
http://www.bleepingcomputer.com/download/minitoolbox/dl/65/
 
Checkmark the following boxes in the list of items:
 
Reset IE Proxy Settings
Reset FF Proxy Settings

 
Click Go and post the result.
 
One more to go:
Please download Adwcleaner.exe to your desktop.
    Double click on AdwCleaner.exe, select OK
    Click on the Scan button
    Once it's done click on the Clean button
    Machine will reboot and on restart display a log
    Copy and paste the contents of the log file in your reply
    You can also find the logfile at C:\AdwCleaner[R1].txt as well
   
Let's see what all that does and we will go from there.

How Can I Reduce My Risk to Malware?


#5 c_farmer


Posted 07 December 2014 - 04:29 PM

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2014 01
Ran by Chris at 2014-12-07 15:02:15 Run:1
Running from C:\Users\Chris\Desktop
Loaded Profile: Chris (Available profiles: Chris)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-2169360837-1742251912-862815689-1000\...\MountPoints2: {5dc21546-3233-11e3-8dd1-806e6f6e6963} - D:\SETUP.exe
HKU\S-1-5-21-2169360837-1742251912-862815689-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2425632 2014-11-17] (IObit)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Task: {538930CD-0970-4835-8FD3-F38EA474F7D9} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {63F8D86A-B26C-4648-B5A2-53C22F8C8BEF} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
URLSearchHook: HKU\S-1-5-21-2169360837-1742251912-862815689-1000 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE64.dll (Spigot, Inc.)
URLSearchHook: HKU\S-1-5-21-2169360837-1742251912-862815689-1000 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE.dll (Spigot, Inc.)
Hosts:
EmptyTemp:
*****************
 
"HKU\S-1-5-21-2169360837-1742251912-862815689-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dc21546-3233-11e3-8dd1-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{5dc21546-3233-11e3-8dd1-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-2169360837-1742251912-862815689-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-2169360837-1742251912-862815689-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 8 => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{538930CD-0970-4835-8FD3-F38EA474F7D9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{538930CD-0970-4835-8FD3-F38EA474F7D9}" => Key deleted successfully.
C:\Windows\System32\Tasks\SpyHunter4Startup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63F8D86A-B26C-4648-B5A2-53C22F8C8BEF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63F8D86A-B26C-4648-B5A2-53C22F8C8BEF}" => Key deleted successfully.
C:\Windows\System32\Tasks\Express FilesUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express FilesUpdate" => Key deleted successfully.
HKU\S-1-5-21-2169360837-1742251912-862815689-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => value deleted successfully.
"HKCR\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}" => Key deleted successfully.
HKU\S-1-5-21-2169360837-1742251912-862815689-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => Value not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 367.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Result.txt
 
MiniToolBox by Farbar  Version: 30-11-2014
Ran by Chris (administrator) on 07-12-2014 at 15:15:54
Running from "C:\Users\Chris\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
 
**** End of log ****
 
AdwCleaner[S0].txt
 
# AdwCleaner v4.104 - Report created 07/12/2014 at 15:18:54
# Updated 05/12/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Chris - CHRIS-PC
# Running from : C:\Users\Chris\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\IObit Apps Toolbar
Folder Deleted : C:\Program Files (x86)\MediaWatchV1
Folder Deleted : C:\Users\Chris\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Chris\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Chris\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\hb2yq1gw.default\Extensions\adremoveext@adremoveext.net
File Deleted : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\hb2yq1gw.default\user.js
File Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage
File Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
File Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Driver Booster Scan
Task Deleted : Driver Booster Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\Search Protection
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\MediaWatchV1
Key Deleted : HKLM\SOFTWARE\Search Settings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
 
-\\ Google Chrome v39.0.2171.71
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [6020 octets] - [07/12/2014 15:17:31]
AdwCleaner[S0].txt - [5875 octets] - [07/12/2014 15:18:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5935 octets] ##########
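
Added example, not part of the original thread and not code from FRST or AdwCleaner: a short Python script that groups result lines from the Fixlog.txt and AdwCleaner[S0].txt above by COM class GUID, to show how many browser registration points one toolbar component occupied and whether each was removed. The embedded lines are excerpted from those two logs; the location labels and function names are this example's own.

```python
import re
from collections import defaultdict, namedtuple

# Result lines excerpted from the Fixlog.txt and AdwCleaner[S0].txt posted above.
SAMPLE_LOG = r"""
HKU\S-1-5-21-2169360837-1742251912-862815689-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => value deleted successfully.
"HKCR\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}" => Key deleted successfully.
"HKCR\CLSID\{5dc21546-3233-11e3-8dd1-806e6f6e6963}" => Key not found.
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Folder Deleted : C:\Program Files (x86)\IObit Apps Toolbar
"""

Entry = namedtuple("Entry", "location status target")

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
# FRST Fixlog result line:   "<target>" => <outcome>.
FRST_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')
# AdwCleaner result line:    <Kind> Deleted : [x64] <target>
ADW_RE = re.compile(
    r"^(?:Key|Value|Folder|File|Task) Deleted : (?:\[x64\] )?(?P<target>.+)$"
)

# Registry locations seen in the logs, matched case-insensitively.
# The short labels on the right are this example's own naming.
LOCATIONS = [
    ("browser helper objects", "BHO"),
    ("urlsearchhooks", "URLSearchHook"),
    ("internet explorer\\toolbar", "IE Toolbar"),
    ("searchscopes", "SearchScope"),
    ("ext\\stats", "Ext\\Stats"),
    ("ext\\settings", "Ext\\Settings"),
    ("\\clsid\\", "COM CLSID"),
]


def classify_location(target):
    """Map a registry path to the kind of browser/COM registration it is."""
    lowered = target.lower()
    for needle, label in LOCATIONS:
        if needle in lowered:
            return label
    return "other"


def parse_line(line):
    """Return (target, status) for a result line, or None for anything else."""
    line = line.strip()
    m = ADW_RE.match(line)
    if m:
        return m.group("target"), "removed"
    m = FRST_RE.match(line)
    if m:
        outcome = m.group("outcome").lower()
        if "not found" in outcome:
            return m.group("target"), "not_found"
        if any(word in outcome for word in ("deleted", "moved", "removed")):
            return m.group("target"), "removed"
    return None


def correlate(log_text):
    """Group every result line that names a GUID under that GUID (upper-cased)."""
    by_guid = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        target, status = parsed
        for guid in GUID_RE.findall(target):
            entry = Entry(classify_location(target), status, target)
            by_guid[guid.upper()].append(entry)
    return dict(by_guid)


def persistence_points(log_text):
    """For each GUID, the sorted set of distinct registration locations."""
    return {
        guid: sorted({e.location for e in entries})
        for guid, entries in correlate(log_text).items()
    }


if __name__ == "__main__":
    for guid, entries in correlate(SAMPLE_LOG).items():
        print(guid, f"({len(entries)} log lines)")
        for e in entries:
            print(f"  {e.status:9}  {e.location}")
```
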
 


#6 shelf life


Posted 07 December 2014 - 09:35 PM

hi,

 

Ok good. How's it all looking on your end now? Anything from Norton? Let's get another download that targets adware like Adwcleaner:

 

Please download Junkware Removal Tool to your desktop.

http://thisisudax.org/downloads/JRT.exe

    Double click the icon or Right click for Vista/W7,8 and select Run as admin
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message


How Can I Reduce My Risk to Malware?


#7 c_farmer

c_farmer
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 11 December 2014 - 08:28 PM

hi,

 

Due to unforeseen circumstances I have been unable to complete an entire scan of JRT.exe in the past few days. I will start it again tonight and hope it can finish an entire scan and provide a log to post here. I apologize for the delay in responding and hope you will stick around to continue helping me. Thank you very much.


Edited by c_farmer, 11 December 2014 - 08:28 PM.


#8 shelf life

Posted 12 December 2014 - 09:09 AM

OK, no problem. If you're having trouble running JRT you can try disabling your antivirus/antimalware first. Usually a right click on the icon by the clock, then select exit, stop or something. Then try running JRT. A reboot will get them running again. If that doesn't work then don't worry about it and we will skip using JRT.




#9 c_farmer

Posted 13 December 2014 - 02:43 AM

Hello,

I have been unable to complete a full scan of JRT.exe in the past few days. The program has consistently hung at the "Checking Shortcuts" part of the scan in excess of 24 hours. While I understand that the JRT.exe scan is supposed to take a long time, this seems excessive, and indicative of an error.

What is my next action?



#10 shelf life

Posted 13 December 2014 - 02:10 PM

Hi,

OK, forget JRT.exe; you can delete it off the desktop. There's another download you can get: the free version of Malwarebytes. It's something you can keep and use. The free version must be updated manually and a scan started manually. Let's see if it can dig up anything else:

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.

http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe

  • Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box:
      • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the date and time of the scan just performed.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.




#11 c_farmer

Posted 14 December 2014 - 11:04 AM

Hi,
 
MBAM scan log follows:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/14/2014
Scan Time: 12:27:05 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.14.02
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Chris
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359653
Time Elapsed: 28 min, 7 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
Trojan.FakeMS.ED, HKLM\SOFTWARE\CLASSES\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}, Quarantined, [5f68fe62f08c78be9d7004dea45d26da], 
PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\WOW6432NODE\MediaWatchV1home6635, Quarantined, [ba0d75eb502c6dc92d1eb90850b456aa], 
 
Registry Values: 1
PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaWatchV1home6635.net, C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home6635\ff, Quarantined, [d7f0fd635725270f400cfdc463a19769]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.Spigot.A, C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp, Quarantined, [23a44c1435474ee808d37eb09d666997], 
 
Files: 3
Trojan.FakeMS.ED, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\wsdchngr.dll, Delete-on-Reboot, [5f68fe62f08c78be9d7004dea45d26da], 
PUP.Optional.Spigot.A, C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp\000005.sst, Quarantined, [23a44c1435474ee808d37eb09d666997], 
PUP.Optional.Spigot.A, C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp\LOG.old, Quarantined, [23a44c1435474ee808d37eb09d666997], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 shelf life

Posted 14 December 2014 - 05:35 PM

Looks like MBAM dug up some stuff. How's it looking on your end now?




#13 c_farmer

Posted 16 December 2014 - 11:31 AM

It seems that Norton has stopped constantly reporting attacks as mentioned in my opening post in this thread, so some good has indeed been done. Other maintenance programs such as Advanced SystemCare Pro are now consistently showing a clean machine, even after reboots. I'm going to assume the worst has finally been routed out.

 

I'd feel fine closing the book on this, unless there's a final sweep we should do.


Edited by c_farmer, 16 December 2014 - 11:31 AM.


#14 shelf life

Posted 16 December 2014 - 06:13 PM

OK, good. We can call it done then. One thing you can do is get one more download that will remove the tools we used, namely FRST, JRT and AdwCleaner. It will remove them, then delete itself:

  • Please download Delfix.exe and save it to your desktop:

    https://toolslib.net/downloads/viewdownload/2-delfix/

  • Right click and select "run as admin", check "Remove disinfection tools" and click on the Run button.
  • The tool will delete itself once it finishes. You can delete the log it generates.

The free version of Malwarebytes you can keep and use as an antimalware tool. It's not antivirus. Just remember with the free version a scan has to be started manually, and keep it updated.

 

Happy safe surfing out there.




#15 shelf life

Posted 25 December 2014 - 03:27 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
