
Possible FUD RAT on my computer


  • This topic is locked
11 replies to this topic

#1 reejus


Posted 16 December 2014 - 02:27 PM

I think I have a FUD RAT on my computer. Programs are being opened and closed on their own, and settings for some of my programs got changed when I was nowhere near them. Just a few hours ago a program called Samsung Magician suddenly tried to exit while I was doing nothing on my computer. I'm running Norton antivirus and Malwarebytes.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by 675990 at 11:17:43 on 2014-12-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8104.3424 [GMT -8:00]
.
AV: Norton Security Suite *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\sysWow64\CtHdaSvc.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
C:\Windows\runSW.exe
C:\Windows\system32\RAPID\SamsungRapidSvc.exe
C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
C:\Program Files\COMODO\GeekBuddy\unit.exe
C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\HMA! Pro VPN\bin\HMA! Pro VPN.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Battle.net\Battle.net.5383\Battle.net.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SwUSB.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: VIPRE Search Guard Helper: {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - 
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - 
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll
uRun: [Battle.net] "C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe" --autostarted
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Sound Blaster Z-Series Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe" /r
mRun: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Raptr] "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KILLER~1.LNK - C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files\COMODO\GeekBuddy\launcher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - 
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{20C02459-6AF5-4042-A22C-22FCF752CC6B} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{355627A4-5B78-42EC-A5CB-32DD8632AED1} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - 
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll
x64-BHO: VIPRE Search Guard Helper: {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - 
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - 
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - 
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [SamsungRapidApp] C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - 
x64-Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - 
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\675990\AppData\Roaming\Mozilla\Firefox\Profiles\yzvgunrm.default\
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-4-11 645480]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-4-11 28008]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-10-5 20464]
R0 SamsungRapidDiskFltr;SAMSUNG RAPID Mode Disk Filter Driver;C:\Windows\System32\drivers\SamsungRapidDiskFltr.sys [2014-12-8 268976]
R0 SamsungRapidFSFltr;SamsungRapidFSFltr;C:\Windows\System32\drivers\SamsungRapidFSFltr.sys [2014-9-16 111280]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys [2014-12-11 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys [2014-12-11 1148120]
R1 BfLwf;Qualcomm Atheros Bandwidth Control;C:\Windows\System32\drivers\bflwfx64.sys [2013-2-13 67888]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [2014-12-9 1587416]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys [2014-12-11 162392]
R1 CFRMD;CFRMD;C:\Windows\System32\drivers\CFRMD.sys [2014-6-25 37976]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-10-23 283064]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141212.002\IDSviA64.sys [2014-12-12 637656]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys [2014-12-11 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys [2014-12-11 593112]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-11-17 239616]
R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2014-9-25 70864]
R2 CtHdaSvc;Sound Blaster Audio Service;C:\Windows\SysWOW64\CtHdaSvc.exe [2013-7-3 112640]
R2 GeekBuddyRSP;GeekBuddyRSP Server;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2014-9-24 2327248]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-13 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-13 969016]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe [2014-12-11 265040]
R2 Qualcomm Atheros Killer Service V2;Qualcomm Atheros Killer Service V2;C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [2013-8-8 343040]
R2 RunSwUSB;RunSwUSB;C:\Windows\runSW.exe [2014-12-11 48856]
R2 SamsungRapidSvc;Samsung RAPID Mode Service;system32\RAPID\SamsungRapidSvc.exe --> system32\RAPID\SamsungRapidSvc.exe [?]
R2 WSWUSB6300;WSWUSB6300;C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe [2014-12-11 312144]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-6-21 94720]
R3 cthda;Sound Blaster Audio Driver;C:\Windows\System32\drivers\cthda.sys [2013-7-3 1060632]
R3 cthdb;Sound Blaster Audio Controller Driver;C:\Windows\System32\drivers\cthdb.sys [2013-7-3 34072]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-12-11 142640]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-10-5 370672]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-10-5 791024]
R3 Ke2200;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;C:\Windows\System32\drivers\e22W7x64.sys [2013-3-20 154320]
R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2014-10-5 222200]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-13 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-13 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-13 63704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2014-11-27 31160]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2014-9-2 614624]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2014-10-5 1900400]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-11-12 19456]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-3-11 13368]
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTWlanU.sys [2014-12-11 2978520]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-11-12 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-10-5 1255736]
.
=============== Created Last 30 ================
.
2014-12-16 09:51:06 -------- d-----w- C:\AdwCleaner
2014-12-16 09:29:48 -------- d-----w- C:\Users\675990\AppData\Roaming\Gyazo
2014-12-16 09:28:50 -------- d-----w- C:\Program Files (x86)\Gyazo
2014-12-16 08:07:23 -------- d-----w- C:\Program Files (x86)\Common Files\COMODO
2014-12-16 07:43:19 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-12-16 07:43:19 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2014-12-16 07:43:19 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2014-12-16 07:30:33 -------- d-----w- C:\Program Files\COMODO
2014-12-16 07:30:01 -------- d-----w- C:\ProgramData\Comodo
2014-12-16 07:01:13 -------- d-----w- C:\NPE
2014-12-16 07:00:05 -------- d-----w- C:\Users\675990\AppData\Local\NPE
2014-12-12 01:21:25 594432 ----a-w- C:\Windows\SysWow64\Rtlihvs.dll
2014-12-12 01:21:25 48856 ----a-w- C:\Windows\runSW.exe
2014-12-12 01:21:25 446464 ----a-w- C:\Windows\SwUSB.exe
2014-12-12 01:21:25 2978520 ----a-w- C:\Windows\System32\drivers\RTWlanU.sys
2014-12-12 01:21:25 -------- d-----w- C:\Program Files (x86)\Linksys WUSB6300
2014-12-11 09:10:27 876248 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtsp64.sys
2014-12-11 09:10:27 593112 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys
2014-12-11 09:10:27 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys
2014-12-11 09:10:27 37592 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtspx64.sys
2014-12-11 09:10:27 266968 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys
2014-12-11 09:10:27 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symelam.sys
2014-12-11 09:10:27 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys
2014-12-11 09:10:27 1148120 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys
2014-12-11 09:10:24 -------- d-----w- C:\Windows\System32\drivers\N360x64\1506000.020
2014-12-11 08:36:14 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2014-12-11 08:09:44 78936 ----a-r- C:\Windows\System32\drivers\SymIMV.sys
2014-12-11 08:07:19 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-12-11 08:07:19 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2014-12-11 08:07:11 -------- d-----w- C:\Windows\System32\drivers\N360x64
2014-12-11 08:07:10 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2014-12-11 08:07:07 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2014-12-11 07:46:06 -------- d-----w- C:\Windows\System32\appraiser
2014-12-11 07:43:32 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-11 07:43:31 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-10 11:55:04 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-10 11:55:04 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-10 11:55:04 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-10 11:55:04 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-10 11:55:04 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-10 11:55:04 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-10 11:55:04 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-12-10 11:55:04 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-09 12:28:46 11632448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{69D3ADA1-AE92-4AD2-A21C-A9685FE3158C}\mpengine.dll
2014-12-09 08:02:04 -------- d-----w- C:\Program Files (x86)\HMA! Pro VPN
2014-12-09 06:17:35 -------- d-----w- C:\ProgramData\Qualcomm
2014-12-09 06:17:21 -------- d-----w- C:\Program Files\Qualcomm Atheros
2014-12-09 05:05:00 268976 ----a-w- C:\Windows\System32\drivers\SamsungRapidDiskFltr.sys
2014-12-09 05:04:59 -------- d-----w- C:\Windows\System32\RAPID
2014-12-09 05:04:53 -------- d-----w- C:\Program Files (x86)\RAPID
2014-12-09 01:08:42 -------- d-----w- C:\Wow
2014-12-02 04:49:23 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-02 04:49:23 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-29 05:22:21 -------- d-----w- C:\Program Files (x86)\Common Files\ASUS MultiFrame
2014-11-29 05:22:21 -------- d-----w- C:\Program Files (x86)\ASUS
2014-11-29 05:16:29 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2014-11-29 05:16:29 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-11-29 05:16:15 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2014-11-29 05:16:01 -------- d-----w- C:\Program Files\AMD
2014-11-29 05:15:27 -------- d-----w- C:\Program Files\ATI Technologies
2014-11-28 06:30:18 -------- d-----w- C:\Users\675990\AppData\Local\PassMark
2014-11-28 06:30:14 -------- d-----w- C:\ProgramData\Passmark
2014-11-28 06:30:12 -------- d-----w- C:\Program Files\PerformanceTest
2014-11-25 06:22:37 129752 ----a-w- C:\Windows\System32\drivers\249A3BDD.sys
2014-11-20 09:47:40 -------- d-----w- C:\Users\675990\AppData\Local\ElevatedDiagnostics
2014-11-18 18:51:57 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-18 18:51:57 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-18 18:51:57 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-18 18:51:57 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-18 08:08:44 -------- d-----w- C:\Program Files\Logitech Gaming Software
2014-11-18 07:39:30 -------- d-----w- C:\Program Files\Bonjour
2014-11-18 07:39:30 -------- d-----w- C:\Program Files (x86)\Bonjour
2014-11-17 23:08:00 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2014-11-17 23:03:08 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2014-11-17 22:55:36 -------- d-----w- C:\FixMeStick
2014-11-17 20:16:20 128384 ----a-w- C:\Windows\System32\amdhcp64.dll
2014-11-17 20:16:18 118096 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
2014-11-17 20:16:16 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2014-11-17 20:16:16 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2014-11-17 20:16:14 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2014-11-17 20:16:14 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2014-11-17 20:16:00 144328 ----a-w- C:\Windows\System32\atiuxp64.dll
2014-11-17 20:15:58 126848 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2014-11-17 20:15:56 118096 ----a-w- C:\Windows\System32\atiu9p64.dll
2014-11-17 20:15:54 100032 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2014-11-17 20:15:50 1342760 ----a-w- C:\Windows\System32\aticfx64.dll
2014-11-17 20:15:46 1118720 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2014-11-17 20:15:40 10889312 ----a-w- C:\Windows\System32\atidxx64.dll
2014-11-17 20:15:36 9314984 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2014-11-17 20:15:28 7208104 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2014-11-17 20:15:22 7028336 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2014-11-17 20:15:14 8045488 ----a-w- C:\Windows\System32\atiumd6a.dll
2014-11-17 20:15:10 8295784 ----a-w- C:\Windows\System32\atiumd64.dll
2014-11-17 20:13:08 297672 ----a-w- C:\Windows\System32\drivers\amdacpksd.sys
2014-11-17 20:11:26 16756736 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2014-11-17 19:57:26 235008 ----a-w- C:\Windows\System32\clinfo.exe
2014-11-17 19:57:14 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2014-11-17 19:57:14 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2014-11-17 19:57:14 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2014-11-17 19:57:14 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2014-11-17 19:57:10 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2014-11-17 19:57:04 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2014-11-17 19:56:58 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2014-11-17 19:56:54 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2014-11-17 19:56:48 33869824 ----a-w- C:\Windows\System32\amdocl64.dll
2014-11-17 19:53:38 28772352 ----a-w- C:\Windows\SysWow64\amdocl.dll
2014-11-17 19:50:40 65024 ----a-w- C:\Windows\System32\OpenCL.dll
2014-11-17 19:50:36 58880 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-11-17 19:12:02 127488 ----a-w- C:\Windows\System32\mantle64.dll
2014-11-17 19:11:42 113664 ----a-w- C:\Windows\SysWow64\mantle32.dll
2014-11-17 19:11:18 5836800 ----a-w- C:\Windows\System32\amdmantle64.dll
2014-11-17 19:10:32 28356608 ----a-w- C:\Windows\System32\atio6axx.dll
2014-11-17 18:54:42 4590080 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
2014-11-17 18:49:02 23627264 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2014-11-17 18:40:28 91648 ----a-w- C:\Windows\System32\mantleaxl64.dll
2014-11-17 18:40:16 85504 ----a-w- C:\Windows\SysWow64\mantleaxl32.dll
2014-11-17 18:40:00 367104 ----a-w- C:\Windows\System32\atiapfxx.exe
2014-11-17 18:39:52 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2014-11-17 18:39:50 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2014-11-17 18:39:42 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2014-11-17 18:39:40 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2014-11-17 18:39:26 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2014-11-17 18:36:06 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2014-11-17 18:22:08 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2014-11-17 18:21:56 31232 ----a-w- C:\Windows\System32\atimuixx.dll
2014-11-17 18:21:48 623616 ----a-w- C:\Windows\System32\atieclxx.exe
2014-11-17 18:21:10 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2014-11-17 18:20:06 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2014-11-17 18:17:06 48128 ----a-w- C:\Windows\System32\amdmmcl6.dll
2014-11-17 18:17:00 37888 ----a-w- C:\Windows\SysWow64\amdmmcl.dll
2014-11-17 18:06:04 839168 ----a-w- C:\Windows\System32\coinst_14.30.dll
2014-11-17 17:55:12 1211392 ----a-w- C:\Windows\System32\atiadlxx.dll
2014-11-17 17:55:00 901120 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2014-11-17 17:54:46 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
2014-11-17 17:54:44 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2014-11-17 17:54:44 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2014-11-17 17:54:40 146944 ----a-w- C:\Windows\System32\atig6txx.dll
2014-11-17 17:54:26 133632 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2014-11-17 17:54:12 581120 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2014-11-17 17:52:18 95744 ----a-w- C:\Windows\System32\amdave64.dll
2014-11-17 17:52:12 90112 ----a-w- C:\Windows\SysWow64\amdave32.dll
2014-11-17 17:52:00 89088 ----a-w- C:\Windows\System32\atisamu64.dll
2014-11-17 17:51:56 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll
2014-11-17 17:49:40 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2014-11-17 15:17:01 -------- d---a-w- C:\FixMeStick Quarantine
2014-11-16 20:01:54 -------- d-sh--w- C:\Users\675990\AppData\Local\EmieBrowserModeList
.
==================== Find3M  ====================
.
2014-12-16 18:55:31 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-09 06:45:14 215416 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-12-09 06:45:08 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-11-30 02:11:08 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:43 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:55:16 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-21 14:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 14:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 14:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-15 20:38:56 129752 ----a-w- C:\Windows\System32\drivers\11D03DEE.sys
2014-11-13 19:15:21 129752 ----a-w- C:\Windows\System32\drivers\0BE661B1.sys
2014-11-12 11:29:59 129752 ----a-w- C:\Windows\System32\drivers\49BF2558.sys
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 20:24:27 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-11-04 22:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-26 14:53:32 105800 ----a-w- C:\Windows\System32\KeyScramblerLogon.dll
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-24 06:22:15 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-07 20:47:40 76152 ----a-w- C:\Windows\System32\PnkBstrA.exe
2014-10-07 20:24:44 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-10-07 04:29:54 10395072 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
2014-10-05 21:07:40 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-05 20:12:00 175616 ----a-w- C:\Windows\System32\msclmd.dll
2014-10-05 20:12:00 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2014-10-05 19:56:03 0 ----a-w- C:\Windows\ativpsrm.bin
2014-10-05 19:53:20 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2014-10-05 19:53:20 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2014-10-05 19:53:20 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2014-10-05 19:53:20 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2014-10-03 02:12:23 310272 ----a-w- C:\Windows\System32\WsmWmiPl.dll
2014-10-03 02:12:23 2020352 ----a-w- C:\Windows\System32\WsmSvc.dll
2014-10-03 02:12:22 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
2014-10-03 02:12:22 181248 ----a-w- C:\Windows\System32\WsmAuto.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 02:11:49 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
2014-10-03 01:45:03 248832 ----a-w- C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-10-03 01:45:03 214016 ----a-w- C:\Windows\SysWow64\WsmWmiPl.dll
2014-10-03 01:45:03 145920 ----a-w- C:\Windows\SysWow64\WsmAuto.dll
2014-10-03 01:45:03 1177088 ----a-w- C:\Windows\SysWow64\WsmSvc.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:44:25 198656 ----a-w- C:\Windows\SysWow64\WSManHTTPConfig.exe
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
.
============= FINISH: 11:17:51.38 ===============
 



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:26 AM

Posted 21 December 2014 - 09:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Nothing suspicious was found on your DDS log.
Let's check further.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file, select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 reejus

reejus
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:04:26 AM

Posted 22 December 2014 - 01:23 AM

adwcleaner:

 

# AdwCleaner v4.106 - Report created 21/12/2014 at 22:20:20
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : 675990 - 675990-PC
# Running from : F:\downloads HDD\AdwCleaner (2).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\Users\675990\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v33.1 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [1610 octets] - [16/12/2014 01:51:10]
AdwCleaner[R1].txt - [1670 octets] - [16/12/2014 01:52:45]
AdwCleaner[R2].txt - [1064 octets] - [21/12/2014 22:17:54]
AdwCleaner[R3].txt - [986 octets] - [21/12/2014 22:20:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1045 octets] ##########
 
farbar first.txt:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014 01
Ran by 675990 (administrator) on 675990-PC on 21-12-2014 22:15:25
Running from F:\downloads HDD
Loaded Profile: 675990 (Available profiles: 675990)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\System32\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
() C:\Windows\runSW.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
() C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Realtek) C:\Windows\SwUSB.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5383\Battle.net.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Privax) C:\Program Files (x86)\HMA! Pro VPN\bin\HMA! Pro VPN.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(The OpenVPN Project) C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
(The OpenVPN Project) C:\Program Files (x86)\HMA! Pro VPN\bin\openvpn.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-20] (Intel Corporation)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [735744 2013-02-27] (Creative Technology Ltd)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [508744 2014-10-26] (QFX Software Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [773256 2014-12-16] (Webroot)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-341382582-1989552550-2567787316-1000\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2864688 2014-12-10] (Blizzard Entertainment)
HKU\S-1-5-21-341382582-1989552550-2567787316-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-341382582-1989552550-2567787316-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-341382582-1989552550-2567787316-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
HKU\S-1-5-21-341382582-1989552550-2567787316-1000\...\MountPoints2: {71b37777-4cc6-11e4-9b88-806e6f6e6963} - "E:\Install Navigator.exe"
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-10-05] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll (Webroot)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-341382582-1989552550-2567787316-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll No File
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll No File
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll No File
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220
 
FireFox:
========
FF ProfilePath: C:\Users\675990\AppData\Roaming\Mozilla\Firefox\Profiles\yzvgunrm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Webroot Password Manager - C:\Users\675990\AppData\Roaming\Mozilla\Firefox\Profiles\yzvgunrm.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2014-12-16]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2014-12-16]
 
Chrome: 
=======
CHR Profile: C:\Users\675990\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\675990\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-06]
CHR Extension: (Google Docs) - C:\Users\675990\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-06]
CHR Extension: (Google Drive) - C:\Users\675990\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\675990\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-06]
CHR Extension: (YouTube) - C:\Users\675990\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-06]
CHR Extension: (Google Search) - C:\Users\675990\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-06]
CHR Extension: (Google Sheets) - C:\Users\675990\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-06]
CHR Extension: (Google Wallet) - C:\Users\675990\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-06]
CHR Extension: (Webroot Password Manager) - C:\Users\675990\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2014-12-16]
CHR Extension: (Gmail) - C:\Users\675990\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-06]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.2.42.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-12-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [112640 2013-07-03] (Creative Technology Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-09-02] (Futuremark)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2014-10-29] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-28] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-10-07] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-10-07] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] ()
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [773256 2014-12-16] (Webroot)
R2 WSWUSB6300; C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe [312144 2013-07-22] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1060632 2013-07-03] (Creative Technology Ltd)
R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [34072 2013-07-03] (Creative Technology Ltd)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31160 2014-04-24] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-23] (Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222200 2013-05-31] (QFX Software Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2014-01-10] (Realtek Semiconductor Corporation                           )
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115680 2014-12-16] (Webroot)
S3 cpuz137; \??\C:\Users\675990\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GPU-Z; \??\C:\Users\675990\AppData\Local\Temp\GPU-Z.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-21 22:15 - 2014-12-21 22:15 - 00000000 ____D () C:\FRST
2014-12-20 20:42 - 2014-12-20 20:42 - 00000000 ____D () C:\ProgramData\ATI
2014-12-20 20:41 - 2014-12-20 20:41 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201412202041290044.log
2014-12-20 20:41 - 2014-12-20 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-20 20:41 - 2014-12-20 20:41 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-12-20 20:41 - 2014-12-20 20:41 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-12-20 20:40 - 2014-12-20 20:41 - 00000000 ____D () C:\Program Files\AMD
2014-12-20 20:38 - 2014-12-20 20:38 - 00055688 _____ () C:\Windows\SysWOW64\CCCInstall_201412202038323599.log
2014-12-20 20:35 - 2014-12-20 20:35 - 00056548 _____ () C:\Windows\SysWOW64\CCCInstall_201412202035159307.log
2014-12-20 20:31 - 2014-12-20 20:31 - 00052689 _____ () C:\Windows\SysWOW64\CCCInstall_201412202031139762.log
2014-12-20 20:03 - 2014-12-20 20:03 - 00000000 _____ () C:\Windows\SysWOW64\SET366E.tmp
2014-12-20 20:03 - 2014-12-20 20:03 - 00000000 _____ () C:\Windows\SysWOW64\SET2936.tmp
2014-12-20 20:03 - 2014-12-20 20:03 - 00000000 _____ () C:\Windows\SysWOW64\SET249F.tmp
2014-12-20 19:47 - 2014-12-20 19:47 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201412201947160691.log
2014-12-20 19:46 - 2014-12-20 19:46 - 00000000 _____ () C:\Windows\SysWOW64\SETBFA8.tmp
2014-12-20 19:46 - 2014-12-20 19:46 - 00000000 _____ () C:\Windows\SysWOW64\SETAE22.tmp
2014-12-19 13:37 - 2014-12-19 13:37 - 00000000 ____D () C:\Windows\system32\RAPID
2014-12-19 13:36 - 2014-12-19 13:37 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-12-19 13:36 - 2014-12-19 13:36 - 00003278 _____ () C:\Windows\System32\Tasks\SamsungMagician
2014-12-19 13:36 - 2014-12-19 13:36 - 00001228 _____ () C:\Users\Public\Desktop\Samsung Magician.lnk
2014-12-19 13:36 - 2014-12-19 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2014-12-16 12:50 - 2014-12-16 13:09 - 00000000 ____D () C:\Users\675990\AppData\Local\lptmp1256224464
2014-12-16 12:49 - 2014-12-16 12:49 - 00154760 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2014-12-16 12:49 - 2014-12-16 12:49 - 00115680 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2014-12-16 12:49 - 2014-12-16 12:49 - 00105320 _____ (Webroot) C:\Windows\system32\WRusr.dll
2014-12-16 12:49 - 2014-12-16 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2014-12-16 12:48 - 2014-12-19 13:42 - 00000000 ____D () C:\ProgramData\WRData
2014-12-16 01:51 - 2014-12-16 01:53 - 00000000 ____D () C:\AdwCleaner
2014-12-16 01:29 - 2014-12-16 01:30 - 00000000 ____D () C:\Users\675990\AppData\Roaming\Gyazo
2014-12-16 01:28 - 2014-12-16 02:28 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2014-12-16 01:28 - 2014-12-16 01:28 - 00003752 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2014-12-16 01:28 - 2014-12-16 01:28 - 00000985 _____ () C:\Users\Public\Desktop\Gyazo.lnk
2014-12-16 01:28 - 2014-12-16 01:28 - 00000985 _____ () C:\Users\Public\Desktop\Gyazo GIF.lnk
2014-12-16 01:28 - 2014-12-16 01:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2014-12-15 23:43 - 2014-12-15 23:43 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-12-15 23:43 - 2014-12-15 23:43 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-12-15 23:43 - 2014-12-15 23:43 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-12-15 23:30 - 2014-12-16 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-12-15 23:30 - 2014-12-15 23:57 - 00000000 ____D () C:\ProgramData\Comodo
2014-12-15 23:30 - 2014-12-15 23:57 - 00000000 ____D () C:\Program Files\COMODO
2014-12-15 23:01 - 2014-12-15 23:01 - 00000000 ____D () C:\NPE
2014-12-15 23:00 - 2014-12-15 23:04 - 00000000 ____D () C:\Users\675990\AppData\Local\NPE
2014-12-12 12:22 - 2014-12-12 12:36 - 00006238 _____ () C:\Users\675990\Documents\Install STAR WARS The Old Republic.log
2014-12-12 12:22 - 2014-12-12 12:36 - 00000000 _____ () C:\end
2014-12-11 17:21 - 2014-12-21 10:04 - 00063804 _____ () C:\Windows\runSW.log
2014-12-11 17:21 - 2014-12-11 17:21 - 00000000 ____D () C:\Program Files (x86)\Linksys WUSB6300
2014-12-11 17:21 - 2014-01-10 10:22 - 02978520 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTWlanU.sys
2014-12-11 17:21 - 2013-11-22 10:54 - 00446464 _____ (Realtek) C:\Windows\SwUSB.exe
2014-12-11 17:21 - 2013-10-18 16:42 - 00048856 _____ () C:\Windows\runSW.exe
2014-12-11 17:21 - 2012-02-14 19:37 - 00594432 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\Rtlihvs.dll
2014-12-11 00:07 - 2014-12-11 00:07 - 00001269 _____ () C:\Users\675990\Desktop\Norton Installation Files.lnk
2014-12-10 23:46 - 2014-12-10 23:46 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 23:43 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 23:43 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 03:55 - 2014-12-03 18:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 03:55 - 2014-12-03 18:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 03:55 - 2014-12-03 18:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 03:55 - 2014-12-03 18:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 03:55 - 2014-12-03 18:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 03:55 - 2014-12-03 18:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 03:55 - 2014-12-03 18:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 03:55 - 2014-12-01 15:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 03:54 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 03:54 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 03:54 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 03:54 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 03:54 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 03:54 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 03:54 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 03:54 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 03:54 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 03:54 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 03:54 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 03:54 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 03:54 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 03:54 - 2014-11-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 03:54 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 03:54 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 03:54 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 03:54 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 03:54 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 03:54 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 03:54 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 03:54 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 03:54 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 03:54 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 03:54 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 03:54 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 03:54 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 03:54 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 03:54 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 03:54 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 03:54 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 03:54 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 03:54 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 03:54 - 2014-11-21 17:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-10 03:54 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 03:54 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 03:54 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 03:54 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 03:54 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 03:54 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 03:54 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 03:54 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 03:54 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 03:54 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 03:54 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 03:54 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 03:54 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 03:54 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 03:54 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 03:54 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 03:54 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 03:54 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 03:54 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 03:54 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 03:54 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 03:54 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 03:54 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 03:54 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 03:54 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 03:54 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 03:54 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 03:54 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 03:54 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 03:54 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 03:54 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 03:54 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 03:54 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 03:54 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 03:54 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 03:54 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 03:54 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 03:54 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 03:54 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 00:02 - 2014-12-09 00:02 - 00001151 _____ () C:\Users\Public\Desktop\HMA! Pro VPN.lnk
2014-12-09 00:02 - 2014-12-09 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HMA! Pro VPN
2014-12-09 00:02 - 2014-12-09 00:02 - 00000000 ____D () C:\Program Files (x86)\HMA! Pro VPN
2014-12-08 22:17 - 2014-12-08 22:17 - 00002783 _____ () C:\Users\Public\Desktop\Killer Network Manager.lnk
2014-12-08 22:17 - 2014-12-08 22:17 - 00000000 ____D () C:\ProgramData\Qualcomm
2014-12-08 22:17 - 2014-12-08 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qualcomm Atheros
2014-12-08 22:17 - 2014-12-08 22:17 - 00000000 ____D () C:\Program Files\Qualcomm Atheros
2014-12-08 21:28 - 2014-12-08 21:29 - 107203709 _____ () C:\Users\675990\Downloads\mb_driver_lan_bigfoot_9series.zip
2014-12-08 21:05 - 2014-09-16 14:30 - 00268976 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\SamsungRapidDiskFltr.sys
2014-12-08 20:38 - 2014-12-08 20:38 - 01402920 _____ () C:\Users\675990\Downloads\battlelog-web-plugins_2.5.1_149.exe
2014-12-08 17:10 - 2014-12-08 17:10 - 00000925 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-12-08 17:10 - 2014-12-08 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-12-08 17:08 - 2014-12-08 17:08 - 00000000 ____D () C:\Wow
2014-12-01 20:49 - 2014-12-21 21:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-01 20:49 - 2014-12-10 04:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-01 20:49 - 2014-12-10 04:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-01 20:49 - 2014-12-10 04:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-29 21:46 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-11-29 21:46 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-11-29 21:46 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-11-29 21:46 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-11-29 21:46 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-11-29 21:46 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-11-29 21:46 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-11-29 21:46 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-11-29 21:46 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-11-29 21:46 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-11-29 21:46 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-11-29 21:46 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-11-29 21:46 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-11-29 21:46 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-11-29 21:46 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-11-29 21:46 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-11-29 21:46 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-11-29 21:46 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-11-29 21:46 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-11-29 21:46 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-11-29 21:46 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-11-29 21:46 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-11-29 21:46 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-11-29 21:46 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-11-29 17:59 - 2014-11-29 17:59 - 00000000 ___SD () C:\Users\675990\Documents\Passwords Database
2014-11-29 16:13 - 2014-12-20 13:59 - 00000000 ____D () C:\Users\675990\Desktop\chatty
2014-11-28 21:25 - 2014-11-28 21:25 - 00000000 ____D () C:\Users\675990\Desktop\strobe
2014-11-28 21:22 - 2014-11-28 22:39 - 00002603 _____ () C:\Users\Public\Desktop\ASUS MultiFrame.lnk
2014-11-28 21:22 - 2014-11-28 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-11-28 21:22 - 2014-11-28 21:22 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-11-28 21:21 - 2014-11-28 21:21 - 03544156 _____ () C:\Users\675990\Downloads\MultiFrame_V1_1_0_3.zip
2014-11-28 21:16 - 2014-11-28 21:16 - 00056548 _____ () C:\Windows\SysWOW64\CCCInstall_201411282116268511.log
2014-11-28 21:14 - 2014-11-28 21:14 - 00008831 _____ () C:\Users\675990\Downloads\ASUS_VG248_Windows_7_WHQL.zip
2014-11-28 21:09 - 2014-11-28 21:09 - 00055688 _____ () C:\Windows\SysWOW64\CCCInstall_201411282109208662.log
2014-11-27 22:30 - 2014-11-29 20:21 - 00000982 _____ () C:\Users\675990\Desktop\PerformanceTest.lnk
2014-11-27 22:30 - 2014-11-27 22:30 - 00000000 ____D () C:\Users\675990\Documents\PassMark
2014-11-27 22:30 - 2014-11-27 22:30 - 00000000 ____D () C:\Users\675990\AppData\Local\PassMark
2014-11-27 22:30 - 2014-11-27 22:30 - 00000000 ____D () C:\ProgramData\Passmark
2014-11-27 22:30 - 2014-11-27 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest
2014-11-27 22:30 - 2014-11-27 22:30 - 00000000 ____D () C:\Program Files\PerformanceTest
2014-11-26 10:22 - 2014-11-26 10:23 - 00000000 ____D () C:\Users\675990\Desktop\screenshots
2014-11-24 22:22 - 2014-11-24 22:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\249A3BDD.sys
2014-11-24 21:48 - 2014-11-24 21:48 - 00056548 _____ () C:\Windows\SysWOW64\CCCInstall_201411242148484191.log
2014-11-24 21:42 - 2014-11-24 21:42 - 00055688 _____ () C:\Windows\SysWOW64\CCCInstall_201411242142456502.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-21 22:10 - 2014-10-10 21:05 - 00000000 ____D () C:\Users\675990\AppData\Local\Battle.net
2014-12-21 21:26 - 2014-10-06 21:08 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-21 16:27 - 2014-10-13 21:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-21 11:40 - 2014-10-05 11:36 - 01428179 _____ () C:\Windows\WindowsUpdate.log
2014-12-21 10:18 - 2014-10-06 21:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-20 23:39 - 2014-11-08 12:21 - 00000000 ____D () C:\Users\675990\.chatty
2014-12-20 21:33 - 2014-10-05 12:27 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-20 21:19 - 2014-10-07 11:14 - 00196733 _____ () C:\Windows\DirectX.log
2014-12-20 21:11 - 2009-07-13 20:45 - 00023424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-20 21:11 - 2009-07-13 20:45 - 00023424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-20 21:10 - 2009-07-13 21:13 - 00917650 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-20 21:06 - 2014-11-15 21:40 - 00000000 ____D () C:\Users\675990\AppData\Roaming\Raptr
2014-12-20 21:04 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-20 21:04 - 2009-07-13 20:51 - 00056613 _____ () C:\Windows\setupact.log
2014-12-20 20:41 - 2014-11-15 21:40 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-12-20 20:41 - 2014-10-05 11:49 - 00000000 ____D () C:\ProgramData\AMD
2014-12-20 20:38 - 2014-10-05 11:47 - 00000000 ____D () C:\Program Files\ATI
2014-12-20 19:44 - 2014-10-05 11:46 - 00000000 ____D () C:\AMD
2014-12-19 13:36 - 2014-10-05 11:53 - 00000000 ____D () C:\ProgramData\Samsung
2014-12-16 12:49 - 2014-10-05 11:43 - 00000000 ____D () C:\Program Files\Webroot
2014-12-16 12:44 - 2014-10-06 19:37 - 00000000 ____D () C:\ProgramData\Norton
2014-12-16 12:44 - 2014-10-05 12:18 - 01392928 _____ () C:\Windows\PFRO.log
2014-12-16 12:39 - 2014-11-10 13:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-15 23:33 - 2014-10-15 11:09 - 00001078 _____ () C:\Users\675990\Desktop\µTorrent.lnk
2014-12-15 22:21 - 2014-10-06 20:10 - 00000000 ____D () C:\Users\675990\AppData\Local\CrashDumps
2014-12-15 13:10 - 2014-10-05 11:43 - 00000000 ____D () C:\Program Files (x86)\KeyScrambler
2014-12-14 21:31 - 2014-10-23 22:34 - 00000000 ____D () C:\Users\675990\Documents\My Games
2014-12-12 03:52 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 17:21 - 2014-10-05 11:40 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-11 17:03 - 2014-10-15 11:08 - 00000000 ____D () C:\Users\675990\AppData\Roaming\uTorrent
2014-12-11 00:08 - 2014-10-06 19:37 - 00000000 ____D () C:\Users\675990\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-12-10 23:46 - 2014-10-05 12:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 23:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 23:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 23:45 - 2014-10-05 12:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 23:43 - 2014-10-05 12:10 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 19:36 - 2014-10-18 12:17 - 00000678 _____ () C:\Users\675990\Desktop\MozillaHistoryView.cfg
2014-12-10 17:29 - 2014-10-10 21:05 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-08 23:52 - 2014-10-05 12:27 - 00000000 ____D () C:\ProgramData\Origin
2014-12-08 22:45 - 2014-10-07 12:24 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-12-08 22:45 - 2014-10-07 12:24 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-12-08 22:28 - 2014-10-05 12:27 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-08 22:17 - 2014-10-15 14:06 - 00000000 _____ () C:\Users\675990\AppData\Local\Driver_LOM_8161Present.flag
2014-12-03 18:51 - 2014-10-13 21:41 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-03 18:51 - 2014-10-13 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-03 18:51 - 2014-10-13 21:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-03 12:30 - 2009-07-13 21:08 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-01 20:49 - 2014-10-05 12:05 - 00000000 ____D () C:\Users\675990\AppData\Local\Adobe
2014-11-29 22:46 - 2014-11-20 01:50 - 00000127 _____ () C:\Users\675990\Desktop\cyber.txt
2014-11-29 21:34 - 2014-10-07 11:39 - 00000000 ____D () C:\Users\675990\Documents\Battlefield 4
2014-11-29 18:11 - 2014-10-05 11:48 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-11-29 18:11 - 2014-10-05 11:48 - 00004266 _____ () C:\Windows\LkmdfCoInst.log
2014-11-24 21:48 - 2014-10-05 11:39 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-24 21:44 - 2014-10-05 12:16 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-11-24 14:04 - 2014-10-05 11:52 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-21 18:30 - 2014-10-21 18:50 - 00000156 _____ () C:\Users\675990\Desktop\xm pass.txt
2014-11-21 06:14 - 2014-10-13 21:41 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-10-13 21:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-10-13 21:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
Some content of TEMP:
====================
C:\Users\675990\AppData\Local\Temp\JIntellitype.dll
C:\Users\675990\AppData\Local\Temp\raptrpatch.exe
C:\Users\675990\AppData\Local\Temp\raptr_stub.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-19 23:06
 
==================== End Of Log ============================
 
 
farbar addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2014 01
Ran by 675990 at 2014-12-21 22:15:37
Running from F:\downloads HDD
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-341382582-1989552550-2567787316-1000\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
3DMark Demo (HKLM-x32\...\Steam App 231350) (Version:  - Futuremark)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
ASUS MultiFrame (HKLM-x32\...\{FB4D076A-DEFD-4EAF-AD63-70D5A3BC262A}) (Version: 1.1.0 - ASUS)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23028 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Corsair Link (HKLM-x32\...\{658EFB3F-8606-4576-8FEC-B0CED48F1E68}) (Version: 2.7.5361 - Corsair)
Corsair Link™ USB Dongle (Driver Removal) (HKLM-x32\...\SIUSBXP&1B1C&1C00) (Version:  - Corsair Memory, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.71 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
Futuremark SystemInfo (HKLM-x32\...\{E114E635-F06E-43B4-A800-74A22536B1B0}) (Version: 4.30.472.0 - Futuremark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gyazo 2.3 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HMA! Pro VPN 2.8.19.0 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.8.19.0 - Privax Ltd)
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.5.0.0 - QFX Software Corporation)
Linksys Dual Band Wireless-AC USB Adapter (HKLM-x32\...\{C094F1A2-5EDF-4550-AE67-5FC1F4D2186F}) (Version: 1.0.0.22 - Linksys LLC)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1039 - Marvell)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1042.0 - Passmark Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Sid Meiers Civilization Beyond Earth (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uQmV5b25kRWFydGg=_is1) (Version: 1 - )
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sound Blaster Z-Series (HKLM-x32\...\{47F19FB5-6878-4AE4-9313-446335E334D8}) (Version: 1.00.24 - Creative Technology Limited)
Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.6.28 - Webroot)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
15-12-2014 23:30:45 Installing COMODO Internet Security Premium
15-12-2014 23:31:03 Device Driver Package Install: COMODO Network Service
15-12-2014 23:53:19 Removed COMODO Internet Security Premium
15-12-2014 23:55:15 Removed COMODO Internet Security Premium
16-12-2014 12:37:49 Removed GeekBuddy.
19-12-2014 12:47:47 Windows Update
19-12-2014 13:28:58 RAPID
19-12-2014 13:37:20 RAPID
20-12-2014 20:34:27 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
20-12-2014 20:34:31 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
20-12-2014 21:19:00 Installed DirectX
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {031B5330-968C-4C37-AC72-F994805681DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-06] (Google Inc.)
Task: {4B744C2E-E85E-4003-85FF-D4223C94708D} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()
Task: {874C9E30-FBB3-469C-8794-717319685A37} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {CF58CFB7-8C1E-44A9-BCB7-D94DE1E4E313} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {ED4D6F94-1319-4BD6-B745-E15DB7069278} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-06] (Google Inc.)
Task: {F66234C4-0919-4B86-8B75-A68E33D51AB3} - System32\Tasks\Start Corsair Link => C:\Program Files (x86)\Corsair\Corsair Link\CorsairLink.exe [2014-09-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-10-07 12:47 - 2014-10-07 12:47 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-12-11 17:21 - 2013-10-18 16:42 - 00048856 _____ () C:\Windows\runSW.exe
2014-12-11 17:21 - 2013-07-22 18:53 - 00312144 _____ () C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe
2014-09-17 23:23 - 2014-09-17 23:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 10:51 - 2014-10-14 10:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-17 23:23 - 2014-09-17 23:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 10:51 - 2014-10-14 10:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2013-08-08 14:30 - 2013-08-08 14:30 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-10-29 09:57 - 2014-10-29 09:57 - 00199336 _____ () C:\Program Files (x86)\HMA! Pro VPN\bin\liblzo2-2.dll
2014-10-29 09:57 - 2014-10-29 09:57 - 00122504 _____ () C:\Program Files (x86)\HMA! Pro VPN\bin\libpkcs11-helper-1.dll
2014-12-11 17:21 - 2013-12-06 18:52 - 00446464 _____ () C:\Program Files (x86)\Linksys WUSB6300\WifiLib.dll
2014-10-05 12:28 - 2014-11-11 10:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-10-05 12:28 - 2014-11-11 10:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-10-05 12:28 - 2014-11-11 10:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-10-05 12:28 - 2014-11-11 10:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-10-05 12:28 - 2014-11-18 12:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-10-05 12:28 - 2014-11-11 10:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-10-05 12:28 - 2014-11-11 10:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-10-05 12:28 - 2014-11-18 12:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-10-05 12:28 - 2014-11-11 10:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-12-19 13:36 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2014-10-05 12:28 - 2014-11-11 10:48 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-12-10 10:47 - 2014-12-10 10:47 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\libcef.dll
2014-12-10 10:47 - 2014-12-10 10:47 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\libGLESv2.dll
2014-12-10 10:47 - 2014-12-10 10:47 - 00907776 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\platforms\qwindows.dll
2014-12-10 10:47 - 2014-12-10 10:47 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\libEGL.dll
2014-12-10 10:47 - 2014-12-10 10:47 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qgif.dll
2014-12-10 10:47 - 2014-12-10 10:47 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qico.dll
2014-12-10 10:47 - 2014-12-10 10:47 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qjpeg.dll
2014-12-10 10:47 - 2014-12-10 10:47 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qmng.dll
2014-12-10 10:47 - 2014-12-10 10:47 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qsvg.dll
2014-12-10 10:47 - 2014-12-10 10:47 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qtiff.dll
2014-12-10 10:47 - 2014-12-10 10:47 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQuick.2\qtquick2plugin.dll
2014-12-10 10:47 - 2014-12-10 10:47 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2014-12-10 10:47 - 2014-12-10 10:47 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQml\Models.2\modelsplugin.dll
2014-12-10 04:57 - 2014-12-10 04:57 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
2014-12-10 10:28 - 2014-12-05 17:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-10 10:28 - 2014-12-05 17:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-10 10:28 - 2014-12-05 17:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-10 10:28 - 2014-12-05 17:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-10-30 03:19 - 2014-10-30 03:19 - 00239528 _____ () C:\Program Files (x86)\HMA! Pro VPN\bin\HMAClientEngine.dll
2014-10-30 03:19 - 2014-10-30 03:19 - 00083880 _____ () C:\Program Files (x86)\HMA! Pro VPN\bin\Util.dll
2014-10-30 03:19 - 2014-10-30 03:19 - 00115112 _____ () C:\Program Files (x86)\HMA! Pro VPN\bin\HMA.GUI.Controls.dll
2014-10-30 03:19 - 2014-10-30 03:19 - 00253864 _____ () C:\Program Files (x86)\HMA! Pro VPN\bin\System.ComponentModel.Composition.dll
2014-09-04 08:52 - 2014-09-04 08:52 - 00024800 _____ () C:\Program Files (x86)\HMA! Pro VPN\bin\TabStripsDLL.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
675990 (S-1-5-21-341382582-1989552550-2567787316-1000 - Administrator - Enabled) => C:\Users\675990
Administrator (S-1-5-21-341382582-1989552550-2567787316-500 - Administrator - Disabled)
Guest (S-1-5-21-341382582-1989552550-2567787316-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-341382582-1989552550-2567787316-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/21/2014 00:11:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8112
 
Error: (12/21/2014 00:11:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8112
 
Error: (12/21/2014 00:11:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/21/2014 00:11:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7114
 
Error: (12/21/2014 00:11:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7114
 
Error: (12/21/2014 00:11:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/21/2014 00:11:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6115
 
Error: (12/21/2014 00:11:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6115
 
Error: (12/21/2014 00:11:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/21/2014 00:11:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5117
 
 
System errors:
=============
Error: (12/20/2014 08:43:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:42:32 PM on ‎12/‎20/‎2014 was unexpected.
 
Error: (12/20/2014 08:04:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (12/20/2014 08:02:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD External Events Utility service.
 
Error: (12/19/2014 01:29:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Samsung RAPID Mode Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/16/2014 01:09:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:08:51 PM on ‎12/‎16/‎2014 was unexpected.
 
Error: (12/16/2014 01:07:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:07:14 PM on ‎12/‎16/‎2014 was unexpected.
 
Error: (12/15/2014 11:00:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The NPEService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/12/2014 03:16:28 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RunSwUSB service.
 
Error: (12/12/2014 03:15:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Qualcomm Atheros Killer Service V2 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/11/2014 05:21:43 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The RunSwUSB service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
Microsoft Office Sessions:
=========================
Error: (12/21/2014 00:11:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8112
 
Error: (12/21/2014 00:11:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8112
 
Error: (12/21/2014 00:11:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/21/2014 00:11:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7114
 
Error: (12/21/2014 00:11:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7114
 
Error: (12/21/2014 00:11:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/21/2014 00:11:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6115
 
Error: (12/21/2014 00:11:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6115
 
Error: (12/21/2014 00:11:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/21/2014 00:11:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5117
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 58%
Total physical RAM: 8103.8 MB
Available physical RAM: 3324.36 MB
Total Pagefile: 16205.79 MB
Available Pagefile: 7634.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (SDD) (Fixed) (Total:232.66 GB) (Free:82.46 GB) NTFS
Drive f: (HDD) (Fixed) (Total:931.51 GB) (Free:890.62 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 043BEBAA)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: ADDAED47)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:26 AM

Posted 22 December 2014 - 09:32 AM


This is just a cleanup. Nothing suspicious was found.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll No File
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll No File
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Google Wallet) - C:\Users\675990\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-06]
S3 cpuz137; \??\C:\Users\675990\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GPU-Z; \??\C:\Users\675990\AppData\Local\Temp\GPU-Z.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

p.s.
You have Norton and Webroot installed on this computer.

Could these two AV programs be conflicting with one another?

#5 reejus

reejus
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 22 December 2014 - 02:00 PM


I keep getting an error when running "fix" in FRST. The error is " line 9878 (file c:\users\desktop\frst64.exe": error :error in expression. And I only have Webroot installed and Norton was deleted.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:26 AM

Posted 23 December 2014 - 09:02 AM


This is being looked into.
Apparently the fix is carried on and you should get a fixlog.txt file to post.

Did you get that file, and can you post it?

#7 reejus

reejus
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 23 December 2014 - 05:23 PM

 


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-12-2014 01
Ran by 675990 at 2014-12-22 20:49:05 Run:9
Running from F:\downloads HDD
Loaded Profile: 675990 (Available profiles: 675990)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll No File
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll No File
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Google Wallet) - C:\Users\675990\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-06]
S3 cpuz137; \??\C:\Users\675990\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GPU-Z; \??\C:\Users\675990\AppData\Local\Temp\GPU-Z.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
*****************
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} => Key not found. 
HKCR\CLSID\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} => Key not found. 
HKCR\Wow6432Node\CLSID\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} => Key could not be deleted. Error: -1073741772
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => Value not found.
HKCR\CLSID\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => Value not found.
HKCR\Wow6432Node\CLSID\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => Key could not be deleted. Error: -1073741772
HKCR\PROTOCOLS\Handler\vipresg => Key not found. 
HKCR\CLSID\{47BE2E5B-703B-444F-ABD3-05717D2191C6} => Key not found. 
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => Key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => Key not found. 
C:\Users\675990\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda directory not found.
cpuz137 => Service not found.
gdrv => Service not found.
GPU-Z => Service not found.
GPUZ => Service not found.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:26 AM

Posted 24 December 2014 - 08:46 AM


The fix failed because you are running the Farbar tool from your F:\ drive.

Running from F:\downloads HDD

Create a folder on your c:\desktop call it My_FIX

Copy the Farbar.exe and the Fixlog.txt in it.

Run the tool using the Fix button.

Post the log for my review.

How is the computer running now?

p.s. When all is well you can delete the My_Fix folder.
Keep the file in the downloads HDD but remember it must be run in the C:\ drive.

#9 reejus

reejus
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 24 December 2014 - 10:49 PM

I still get an error when running fix on c:



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:26 AM

Posted 25 December 2014 - 09:07 AM

Is there a way for you to disable Webroot for 10 minutes and run the fix?

#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:26 AM

Posted 31 December 2014 - 10:19 AM

Are you still with me?

#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:26 AM

Posted 06 January 2015 - 10:14 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



