I need Help


  • This topic is locked
15 replies to this topic

#1 mikeyssx

Posted 20 December 2014 - 10:33 PM

For the past couple of days I have been having problems with my computer. It's been running slow and it keeps telling me that I don't have a genuine Windows 7. I thought it was because I updated Windows KB3004394, but I scanned the computer and found some unknown rootkits.
 
 
RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Software
 
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mike [Administrator]
Mode : Delete -- Date : 12/20/2014  22:10:52
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 3 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{36DFDAF0-2924-4C76-BACE-B5609E507558} | DhcpNameServer : 77.234.40.79 [CZECH REPUBLIC (CZ)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{36DFDAF0-2924-4C76-BACE-B5609E507558} | DhcpNameServer : 77.234.40.79 [CZECH REPUBLIC (CZ)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{36DFDAF0-2924-4C76-BACE-B5609E507558} | DhcpNameServer : 77.234.40.79 [CZECH REPUBLIC (CZ)]  -> Replaced ()
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 163 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\GEARAspiWDM @ Unknown (\SystemRoot\System32\Drivers\EtronXHCI.sys)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-9YN162 ATA Device +++++
--- User ---
[MBR] 3b0f83d6a630a3450a57e3682a276308
[BSP] 398c80a87e291a2490b859a2212015f8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_DEL_12202014_213859.log - RKreport_DEL_12202014_213948.log - RKreport_DEL_12202014_214052.log - RKreport_DEL_12202014_215655.log
RKreport_DEL_12202014_215753.log - RKreport_SCN_12202014_211413.log - RKreport_SCN_12202014_215026.log - RKreport_SCN_12202014_221016.log

Edited by Queen-Evie, 20 December 2014 - 10:37 PM.
moved from Windows 7 to the appropriate forum



#2 nasdaq

  • Malware Response Team

Posted 25 December 2014 - 09:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 mikeyssx

Posted 27 December 2014 - 11:52 PM

Sorry it took me a while to post this, I've been busy during the holiday. Here's what I got from the MBAM scan:

 
www.malwarebytes.org
 
Scan Date: 12/27/2014
Scan Time: 8:15:03 PM
Logfile: mbam2.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.27.08
Rootkit Database: v2014.12.23.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mike
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 619671
Time Elapsed: 3 hr, 9 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 


#4 mikeyssx

Posted 28 December 2014 - 12:03 AM

Here's the report from AdwCleaner:

# AdwCleaner v4.105 - Report created 20/12/2014 at 21:58:14
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mike - MIKE-PC
# Running from : C:\Users\Mike\Desktop\adwcleaner_4.105.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : c2cautoupdatesvc
Service Deleted : c2cpnrsvcA
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A7F3E060-6E55-4C14-93FD-2D5B9EC43167}
Key Deleted : HKCU\Software\GetPrivate
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v35.0 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [3622 octets] - [12/11/2013 01:58:20]
AdwCleaner[R10].txt - [3893 octets] - [20/12/2014 21:48:32]
AdwCleaner[R1].txt - [1994 octets] - [24/02/2014 23:04:24]
AdwCleaner[R2].txt - [1656 octets] - [31/05/2014 20:09:36]
AdwCleaner[R3].txt - [1716 octets] - [31/05/2014 20:32:39]
AdwCleaner[R4].txt - [1713 octets] - [21/06/2014 01:37:05]
AdwCleaner[R5].txt - [1833 octets] - [28/06/2014 20:09:24]
AdwCleaner[R6].txt - [2521 octets] - [21/08/2014 19:51:49]
AdwCleaner[R7].txt - [2110 octets] - [21/08/2014 20:17:50]
AdwCleaner[R8].txt - [2170 octets] - [21/08/2014 20:37:17]
AdwCleaner[R9].txt - [1937 octets] - [22/08/2014 23:49:18]
AdwCleaner[S0].txt - [3611 octets] - [12/11/2013 02:00:55]
AdwCleaner[S1].txt - [1960 octets] - [24/02/2014 23:06:46]
AdwCleaner[S2].txt - [2623 octets] - [31/05/2014 20:50:07]
AdwCleaner[S3].txt - [2616 octets] - [21/06/2014 01:38:31]
AdwCleaner[S4].txt - [2736 octets] - [28/06/2014 20:10:33]
AdwCleaner[S5].txt - [3430 octets] - [21/08/2014 20:12:04]
AdwCleaner[S6].txt - [3686 octets] - [20/12/2014 21:58:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [3746 octets] ##########
 


#5 mikeyssx


Posted 28 December 2014 - 12:09 AM

Here is the Farbar FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014
Ran by Mike (administrator) on MIKE-PC on 28-12-2014 00:05:04
Running from C:\Users\Mike\Desktop
Loaded Profile: Mike (Available profiles: Mike)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\OPTI-SAFE Sentinel for Windows\Sentinel.exe
(Dropbox, Inc.) C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Sentinel] => C:\OPTI-SAFE Sentinel for Windows\Sentinel.exe [430080 2010-06-04] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\...\Run: [Google Update] => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-24] (Google Inc.)
HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\...\Run: [GoogleChromeAutoLaunch_A9A28D217F0AF6C0AE66A9006030A09A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\...\MountPoints2: {78919d63-64ef-11e3-a19a-50e549cae3cc} - H:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\...\MountPoints2: {83597302-8058-11e1-a191-50e549cae3cc} - H:\TL-Bootstrap.exe
HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\...\MountPoints2: {91de0775-66b9-11e3-907e-50e549cae3cc} - E:\Startup.exe
HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\...\MountPoints2: {b9313ef0-f691-11e2-8ed0-50e549cae3cc} - J:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\...\MountPoints2: {ee8f6b7b-1a1a-11e2-8025-50e549cae3cc} - I:\TL-Bootstrap.exe
HKU\S-1-5-18\...\Run: [Norton Download Manager{NSME22-B22-4abb-B07C-C084B04B4F12}] => C:\Users\Public\Downloads\Norton\{NSME22-B22-4abb-B07C-C084B04B4F12}\ccSvcHst.exe /m
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
URLSearchHook: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001 - (No Name) - {edcc4d90-5790-446e-96fd-1e09ca88ee75} - No File
SearchScopes: HKLM -> {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001 -> {015163BF-FC5C-4143-ABCE-09DED452F2B8} URL = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001 -> {1ECD46CE-CB0F-4bcf-870B-1DA298B5D0D4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001 -> {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL = 
SearchScopes: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001 -> {AF5E34F1-EBA3-4ca5-8247-BF5BDCCF796A} URL = https://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1rg7qgab.default
FF DefaultSearchEngine,S: 
FF SearchEngineOrder.1: 
FF SearchEngineOrder.1,S: 
FF SelectedSearchEngine,S: 
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3182889431-3709305361-3210593515-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3182889431-3709305361-3210593515-1001: @talk.google.com/O1DPlugin -> C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3182889431-3709305361-3210593515-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3182889431-3709305361-3210593515-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3182889431-3709305361-3210593515-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mike\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3182889431-3709305361-3210593515-1001: electronicarts.com/GameFacePlugin -> C:\Users\Mike\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Plugin HKU\S-1-5-21-3182889431-3709305361-3210593515-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mike\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Mike\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-21]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "", "hxxp://www.google.com/", "hxxp://www.google.com/"
CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-29]
CHR Extension: (One Piece Theme2) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggndmjeamglljedlcacmjipmlhbdgioi [2013-06-29]
CHR Extension: (Avast Online Security) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-06-29]
CHR Extension: (Google Wallet) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-29]
CHR HKLM-x32\...\Chrome\Extension: [edfidmonehgnlhpkkanhjikdbagbohic] - C:\ProgramData\SaveAs\edfidmonehgnlhpkkanhjikdbagbohic.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-17]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-17] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-17] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-17] (Avast Software)
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [130976 2011-03-01] (Futuremark Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4756216 2011-09-16] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-14] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-13] ()
S2 SentinelService; C:\OPTI-SAFE Sentinel for Windows\Sentinel_Service.Exe [375296 2010-06-22] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-17] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-17] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-17] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-07-04] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-17] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2012-06-06] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-17] (Disc Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2012-06-06] ()
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 dump_wmimmc; \??\C:\9Dragons\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-28 00:05 - 2014-12-28 00:05 - 00030110 _____ () C:\Users\Mike\Desktop\FRST.txt
2014-12-28 00:04 - 2014-12-28 00:05 - 00000000 ____D () C:\FRST
2014-12-27 23:48 - 2014-12-27 23:48 - 00001062 _____ () C:\Users\Mike\Desktop\mbam2.txt
2014-12-27 20:13 - 2014-12-27 20:13 - 00001064 _____ () C:\Users\Mike\Desktop\mbam report.txt
2014-12-27 20:11 - 2014-12-27 20:11 - 02122752 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2014-12-25 11:01 - 2014-12-12 19:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-25 10:58 - 2014-12-13 05:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-25 10:58 - 2014-12-13 05:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-25 10:58 - 2014-12-13 05:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-25 10:58 - 2014-10-09 12:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-12-25 10:58 - 2014-10-09 12:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-12-25 10:58 - 2014-10-09 02:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2014-12-25 03:00 - 2014-12-25 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-12-24 00:40 - 2014-11-22 05:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-24 00:40 - 2014-11-22 05:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-23 11:36 - 2014-12-23 12:35 - 485793193 _____ () C:\Users\Mike\Downloads\XRM1.30_PART_1.zip
2014-12-22 14:25 - 2014-12-22 14:26 - 02173952 _____ () C:\Users\Mike\Desktop\adwcleaner_4.106.exe
2014-12-20 21:34 - 2014-12-20 21:46 - 00002042 _____ () C:\Users\Mike\Desktop\Rkill.txt
2014-12-20 20:59 - 2014-12-20 21:00 - 04166770 _____ () C:\Users\Mike\Desktop\tdsskiller.zip
2014-12-20 20:57 - 2014-12-20 20:57 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Mike\Desktop\rkill.exe
2014-12-20 20:37 - 2014-12-20 20:39 - 01166232 _____ (Magical Jelly Bean ) C:\Users\Mike\Desktop\KeyFinderInstaller.exe
2014-12-20 20:26 - 2014-12-22 12:58 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-20 20:23 - 2014-12-20 20:23 - 18315864 _____ () C:\Users\Mike\Desktop\RogueKillerX64.exe
2014-12-17 13:31 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 13:31 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 22:14 - 2014-12-16 22:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-14 20:38 - 2014-12-14 20:38 - 00003142 _____ () C:\Windows\System32\Tasks\{DE188637-B838-4AD1-9DF1-6230C24AA2BD}
2014-12-14 20:38 - 2014-12-14 20:38 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lv.lib.scripts
2014-12-12 03:01 - 2014-12-12 03:01 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 20:56 - 2014-12-11 20:56 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-12-11 20:52 - 2014-11-12 19:20 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434475.dll
2014-12-11 20:52 - 2014-11-12 19:20 - 01540424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434475.dll
2014-12-11 03:03 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:03 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 03:03 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 03:03 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 03:03 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 03:03 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 03:03 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-11 03:03 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-11 03:03 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-11 03:03 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 23:22 - 2014-12-10 23:22 - 00000000 ____D () C:\Program Files (x86)\ZooskMessenger
2014-12-10 16:19 - 2014-12-10 16:19 - 00001516 _____ () C:\Users\Mike\Documents\healing.txt
2014-12-10 16:03 - 2014-12-10 16:03 - 00001701 _____ () C:\Users\Mike\Documents\adoration.txt
2014-12-10 15:43 - 2014-12-10 15:43 - 00000527 _____ () C:\Users\Mike\Documents\night pray.txt
2014-12-10 15:41 - 2014-12-10 15:41 - 00000405 _____ () C:\Users\Mike\Documents\short pray.txt
2014-12-10 15:31 - 2014-12-10 15:31 - 00000523 _____ () C:\Users\Mike\Documents\forgiveness.txt
2014-12-10 12:55 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 12:55 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 12:55 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 12:55 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 12:55 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 12:55 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 12:55 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 12:55 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 12:55 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 12:55 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 12:55 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 12:55 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 12:55 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 12:55 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 12:55 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 12:55 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 12:55 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 12:55 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 12:55 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 12:55 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 12:55 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 12:55 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 12:55 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 12:55 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 12:55 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 12:55 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 12:55 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 12:55 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 12:55 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 12:55 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 12:55 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 12:55 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 12:55 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 12:55 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 12:55 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 12:55 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 12:55 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 12:55 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 12:55 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 12:55 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 12:55 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 12:55 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 12:55 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 12:55 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 12:55 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 12:55 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 12:55 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 12:55 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 12:55 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 12:55 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 12:55 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 12:55 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 12:55 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 12:55 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 12:55 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 12:55 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 12:55 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 12:55 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 12:55 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 12:55 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 12:55 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 12:55 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 12:55 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 12:54 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 12:54 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 12:54 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 12:54 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 12:54 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 12:54 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 12:54 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 12:54 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 12:54 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 12:54 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 12:54 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 12:54 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 12:54 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 12:54 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 12:53 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 12:53 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 14:08 - 2014-12-09 14:08 - 00000000 ____D () C:\Program Files\Verizon
2014-12-05 18:51 - 2014-12-05 18:51 - 00000344 _____ () C:\Users\Mike\Documents\very good pray.txt
2014-12-05 04:24 - 2014-12-05 04:24 - 00002904 _____ () C:\Users\Mike\Documents\the nine.txt
2014-12-05 04:23 - 2014-12-05 04:23 - 00007662 _____ () C:\Users\Mike\Documents\spirit war.txt
2014-12-05 04:20 - 2014-12-05 04:20 - 00005239 _____ () C:\Users\Mike\Documents\powerful pray.txt
2014-12-04 00:57 - 2014-12-04 01:07 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\REngLauncher
2014-12-04 00:50 - 2014-12-04 00:50 - 03940864 _____ (KaryuuSoft) C:\Users\Mike\Desktop\REngLauncher.exe
2014-12-03 21:32 - 2014-12-03 21:32 - 00000000 ____D () C:\Users\Mike\Documents\BnS
2014-12-03 21:28 - 2014-12-03 21:28 - 00000000 ____D () C:\Users\Mike\AppData\Local\BNSUpdater
2014-12-03 21:24 - 2014-12-03 21:24 - 00001086 _____ () C:\Users\Public\Desktop\Blade and Soul.lnk
2014-12-03 21:15 - 2014-12-03 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blade and Soul
2014-12-03 21:15 - 2014-12-03 21:15 - 00000000 ____D () C:\Program Files (x86)\PlayBns.com
2014-12-02 18:02 - 2014-12-02 18:02 - 00000222 _____ () C:\Users\Mike\Desktop\XCOM Enemy Unknown.url
2014-11-30 20:03 - 2014-11-30 20:03 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Guild Wars 2
2014-11-28 10:37 - 2014-11-28 10:37 - 00000247 _____ () C:\Windows\system32\2014-11-28-15-37-27.028-aswFe.exe-7280.log
2014-11-28 10:37 - 2014-11-28 10:37 - 00000197 _____ () C:\Windows\system32\2014-11-28-15-37-21.075-AvastVBoxSVC.exe-4112.log
2014-11-28 03:58 - 2014-12-20 14:33 - 88080384 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000001
2014-11-28 03:58 - 2014-12-20 14:33 - 23592960 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000003
2014-11-28 03:58 - 2014-12-20 14:32 - 09961472 _____ () C:\Users\Mike\.ghost-ntfs-3g-00000000000000000009
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-27 23:56 - 2013-11-12 01:58 - 00000000 ____D () C:\AdwCleaner
2014-12-27 23:31 - 2013-05-15 13:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-27 23:30 - 2012-04-03 03:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-27 23:20 - 2013-11-12 13:09 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3182889431-3709305361-3210593515-1001UA.job
2014-12-27 21:20 - 2013-11-12 13:09 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3182889431-3709305361-3210593515-1001Core.job
2014-12-27 20:28 - 2014-09-20 15:01 - 00000000 ____D () C:\Users\Mike\Desktop\mods
2014-12-27 20:15 - 2014-05-15 23:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-27 20:04 - 2012-10-15 16:11 - 00007601 _____ () C:\Users\Mike\AppData\Local\Resmon.ResmonCfg
2014-12-27 16:31 - 2013-05-15 13:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-27 15:34 - 2012-03-15 07:30 - 01560482 _____ () C:\Windows\WindowsUpdate.log
2014-12-26 15:59 - 2014-04-29 08:05 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-12-26 13:25 - 2009-07-13 23:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-26 13:25 - 2009-07-13 23:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-26 13:18 - 2012-11-16 03:30 - 00000144 _____ () C:\service.log
2014-12-26 13:17 - 2014-04-26 18:09 - 00000000 ___RD () C:\Users\Mike\Dropbox
2014-12-26 13:17 - 2014-04-26 18:06 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Dropbox
2014-12-26 13:16 - 2014-04-27 00:00 - 00035304 _____ () C:\Windows\setupact.log
2014-12-26 13:16 - 2013-06-06 03:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-26 13:15 - 2013-05-16 08:09 - 00000000 ____D () C:\Users\Mike\AppData\Local\TSVNCache
2014-12-26 13:15 - 2012-03-15 07:47 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-12-26 13:15 - 2012-03-15 07:42 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-26 13:15 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-26 13:14 - 2014-04-29 10:09 - 00324078 _____ () C:\Windows\PFRO.log
2014-12-26 06:26 - 2012-08-25 14:00 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Skype
2014-12-25 11:02 - 2014-06-13 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-25 11:01 - 2012-03-15 07:41 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-23 07:44 - 2013-04-21 10:33 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-20 21:38 - 2013-08-14 12:32 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-12-20 16:24 - 2012-03-23 17:37 - 00000000 ____D () C:\Users\Mike
2014-12-20 14:37 - 2014-07-12 15:25 - 00000000 ____D () C:\Windows\jumpshot.com
2014-12-20 09:33 - 2014-07-12 15:26 - 00000000 __SHD () C:\Jumpshot
2014-12-19 21:21 - 2014-09-18 07:45 - 00000000 ____D () C:\Users\Mike\Documents\Egosoft
2014-12-19 01:54 - 2013-08-07 12:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-19 01:52 - 2012-04-03 03:01 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-19 01:52 - 2012-04-03 03:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-19 01:52 - 2012-03-23 18:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-18 17:29 - 2013-04-25 09:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-16 21:35 - 2014-02-13 15:59 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Azureus
2014-12-14 08:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 05:08 - 2013-10-27 09:12 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-13 05:08 - 2013-10-27 09:12 - 00027983 _____ () C:\Windows\system32\nvinfo.pb
2014-12-13 05:08 - 2013-05-14 07:57 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-12-13 05:08 - 2012-03-15 07:41 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-12-13 05:08 - 2012-03-15 07:41 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-12-13 05:08 - 2012-03-15 07:41 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-12-13 03:03 - 2012-11-18 03:02 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-12-13 03:03 - 2012-03-15 07:42 - 06859408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-12-13 03:03 - 2012-03-15 07:42 - 03513488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-12-13 03:03 - 2012-03-15 07:42 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-12-13 03:03 - 2012-03-15 07:42 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-12-13 03:03 - 2012-03-15 07:42 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-12-12 19:12 - 2014-06-13 21:01 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-12-12 19:12 - 2014-06-13 21:01 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-12-12 19:12 - 2014-06-13 20:57 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-12-12 19:12 - 2014-06-13 20:57 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-12-12 18:11 - 2012-03-15 07:42 - 04151176 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-12 11:32 - 2013-09-10 01:55 - 00000000 ____D () C:\Users\Mike\Downloads\New folder
2014-12-12 11:20 - 2012-03-23 19:25 - 00108816 _____ () C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-12 09:23 - 2014-04-26 18:09 - 00001013 _____ () C:\Users\Mike\Desktop\Dropbox.lnk
2014-12-12 09:23 - 2014-04-26 18:07 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-12 03:04 - 2009-07-13 23:45 - 00407432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-12 03:01 - 2014-05-06 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-12 03:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 03:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 23:05 - 2012-04-03 03:17 - 00000000 ____D () C:\Users\Mike\AppData\Local\CrashDumps
2014-12-11 21:36 - 2014-01-15 16:42 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 20:53 - 2012-03-15 07:41 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-11 20:21 - 2014-06-13 20:57 - 00000000 ____D () C:\Users\Mike\AppData\Local\NVIDIA Corporation
2014-12-11 03:20 - 2012-07-11 11:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 03:16 - 2013-08-14 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 03:08 - 2012-04-13 15:11 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 23:22 - 2013-04-22 23:09 - 00000903 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZooskMessenger.lnk
2014-12-10 15:33 - 2012-03-26 02:34 - 00000000 ____D () C:\illusion
2014-12-08 00:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-07 19:36 - 2013-08-17 16:55 - 00001077 _____ () C:\Users\Public\Desktop\Vz  In-Home Agent.lnk
2014-12-06 23:15 - 2014-04-29 10:55 - 00000000 ____D () C:\Users\Mike\Documents\ArcheAge
2014-12-04 11:14 - 2014-05-15 23:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-03 21:24 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-03 21:01 - 2014-05-15 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-03 21:01 - 2013-05-10 08:32 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-02 18:02 - 2013-06-06 04:13 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-30 21:21 - 2012-03-23 20:24 - 00000000 ____D () C:\Users\Mike\Documents\Symantec
2014-11-30 20:03 - 2012-06-07 19:34 - 25748472 _____ (ArenaNet) C:\Users\Mike\Desktop\Gw2.tmp
2014-11-30 20:03 - 2012-06-05 13:45 - 25748472 _____ (ArenaNet) C:\Users\Mike\Desktop\Gw2.exe
2014-11-30 19:57 - 2013-05-05 18:18 - 00000000 ____D () C:\Program Files (x86)\Mount&Blade
2014-11-28 11:08 - 2012-03-23 17:38 - 00000000 ____D () C:\Windows\System32\Tasks\Games
 
Some content of TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Mike\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiuqqco.dll
C:\Users\Mike\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Mike\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Mike\AppData\Local\Temp\nvStInst.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-25 18:08
 
==================== End Of Log ============================


#6 mikeyssx

Posted 28 December 2014 - 12:14 AM

Now here is the other addition txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2014
Ran by Mike at 2014-12-28 00:05:55
Running from C:\Users\Mike\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcheAge (HKLM-x32\...\Glyph ArcheAge) (Version:  - Trion Worlds, Inc.)
Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version:  - Trion Worlds, Inc.)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Blade and Soul (HKLM-x32\...\{CEF766E5-6E15-441F-B14A-C44CB168DBE7}) (Version: 1.0.0 - PlayBns.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Cisco Networking Academy curriculum 4.0.0.2 (HKLM-x32\...\Cisco Networking Academy curriculum_is1) (Version:  - Cisco Systems, Inc.)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
D-Fend Reloaded 1.3.5 (deinstall) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.3.5 - Alexander Herzog)
Distant Worlds Universe (HKLM-x32\...\Distant Worlds Universe_is1) (Version:  - )
Dropbox (HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
EasySaver B9.1214.1  (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
escape pods (HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\...\escape pods) (Version:  - )
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.0.0.0 - Futuremark Corporation)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HF pAppLoc version 1.1.1 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.1.1 - Inquisitor)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
IHA_MessageCenter (HKLM-x32\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)
ILLUSION ジンコウガクエン (HKLM-x32\...\{C109AF5B-69D0-4C93-B360-F28D9FAB6084}) (Version: 1.00.0000 - ILLUSION)
ILLUSION ジンコウガクエン きゃらめいく (HKLM-x32\...\{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}) (Version: 1.00.0000 - ILLUSION)
ILLUSION ジンコウガクエン2 (HKLM-x32\...\{AF83EF7D-353A-4E0C-9919-C4E4BCB5F742}) (Version: 1.00.0000 - ILLUSION)
ILLUSION ジンコウガクエン2 きゃらめいく (HKLM-x32\...\{A56F495B-7075-4510-AC91-485416140DA2}) (Version: 1.00.0000 - ILLUSION)
ILLUSION すくぅ~るメイト2 (HKLM-x32\...\{46B69F5F-E77D-49DE-9729-0F562564A15E}) (Version: 1.00.0000 - ILLUSION)
ILLUSION 勇者からは逃げられない! (HKLM-x32\...\{A99C800B-C5F3-48B9-AE2F-A9BE1C553111}) (Version: 1.00.0000 - ILLUSION)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Landmark Beta (HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\...\SOE-Landmark Beta) (Version: 1.0.3.183 - Sony Online Entertainment)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mount&Blade (HKLM-x32\...\Mount&Blade) (Version:  - )
Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version:  - )
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OPTI-SAFE Sentinel for Windows (HKLM-x32\...\OPTI-SAFE Sentinel for Windows_is1) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
PakkISO 0.4 (HKLM-x32\...\PakkISO_is1) (Version: PakkISO 0.4 by zorted, installer by BitLooter - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version:  - )
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Secure Download Manager (HKLM-x32\...\{6CEF2BC6-8929-44EE-8360-175513E1A49A}) (Version: 3.0.5 - e-academy Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Splashtop Connect for Firefox (HKLM-x32\...\{45D49CA7-D7D8-4659-B35A-EBD98C30AF28}) (Version: 1.1.8.4 - Splashtop Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sunrider: Mask of Arcadius (HKLM-x32\...\Steam App 313730) (Version:  - Love in Space)
TeamSpeak 3 Client (HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Witcher 2 Enhanced Edition version 3.0 (HKLM-x32\...\The Witcher 2 Enhanced Edition_is1) (Version: 3.0 - CD Projekt RED)
The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.00.0000 - CD Projekt Red)
TortoiseSVN 1.7.12.24070 (64 bit) (HKLM\...\{B2DCF07D-0F89-4818-8B41-50DABC1A310D}) (Version: 1.7.24070 - TortoiseSVN)
Unity Web Player (HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.68.0 - Verizon)
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Password Reset Standard (HKLM-x32\...\{1424E141-E3C1-4A9C-BB8D-FFB59A8111EA}_is1) (Version:  - Anmosoft, Inc.)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
X3 Albio Prelude Bonus Pack 5.1.0.0 (HKLM-x32\...\X3AP Bonus Pack_is1) (Version: 5.1.0.0 - Egosoft)
X3: Albion Prelude (HKLM-x32\...\Steam App 201310) (Version:  - Egosoft)
X3: Terran Conflict (HKLM-x32\...\Steam App 2820) (Version:  - Egosoft)
XCom Long War EW Mod version Beta 14g (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: Beta 14g - JohnnyLump)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
X-Universe Plugin Manager 1.47 (HKLM-x32\...\X-Universe Plugin Manager_is1) (Version: 1.47 - Cycrow)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)
Zoosk Messenger (HKLM-x32\...\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1) (Version: 4.184.0 - Zoosk, Inc.)
Zoosk Messenger (x32 Version: 4.184.0 - Zoosk, Inc.) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
04-12-2014 00:06:31 Scheduled Checkpoint
09-12-2014 14:09:14 Windows Update
10-12-2014 14:58:26 ILLUSION ラブガール~魅惑の個人レッスン~ を削除しました
10-12-2014 15:34:19 ILLUSION 人工少女3 を削除しました
10-12-2014 16:12:29 ILLUSION ラブガール~魅惑の個人レッスン~ を削除しました
11-12-2014 03:01:04 Windows Update
11-12-2014 20:19:50 Installed DirectX
12-12-2014 22:57:27 Windows Update
16-12-2014 15:09:36 Windows Update
18-12-2014 03:00:22 Windows Update
20-12-2014 20:47:51 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
23-12-2014 02:40:29 Windows Update
25-12-2014 03:00:12 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01E01C50-5B1D-4A88-A477-1C18C4CDEC8E} - System32\Tasks\{2FF4FF9D-18CB-4145-A7D8-12872013A37D} => C:\Program Files (x86)\SEGA\Medieval II Total War\medieval2.exe
Task: {192DAF68-CC45-4A0C-B472-452C4295196C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-15] (Google Inc.)
Task: {1CF9A07A-10E3-47D3-948E-E23F0D595BC3} - System32\Tasks\{FF0E4695-4FCB-422B-BCBC-B9F38D722CFB} => pcalua.exe -a E:\setup.exe -d E:\
Task: {1D6C8B3F-36AD-4E52-9022-8A8A7708CCA4} - System32\Tasks\{5684BFCC-3F46-42C9-A00B-294E8031A8CA} => pcalua.exe -a C:\Users\Mike\Downloads\Range_RAT7_SD7_0_20_0_64Bit_Drivers(1).exe -d C:\Users\Mike\Downloads
Task: {37B0E6D3-C47A-43D6-AB95-5B4C4DA30C7B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {43603991-6294-4ECD-9595-E1AB42C023E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-15] (Google Inc.)
Task: {438EF949-776E-442D-858A-8B25F5D57331} - System32\Tasks\{9B9EFC7E-DACD-4AB1-A84A-1119A855943C} => C:\illusion\ジンコウガクエン2\AA2Play English.exe [2014-10-11] (illusion)
Task: {48DCC7CE-057F-4A54-BC24-6D82D66E28F8} - System32\Tasks\{0A7238B6-BF77-46E1-83D1-A600E0FB8406} => pcalua.exe -a F:\setup.exe -d F:\
Task: {506D7CBC-D81D-4F67-B7AB-AC9B0BF34407} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: {5353439E-18A2-416D-B21F-0CC0E65528D1} - System32\Tasks\{8C144A23-DD0F-44F9-A5CE-77BC8AFB2938} => pcalua.exe -a "C:\Users\Mike\Downloads\Smart Technology 7_0_27_13 64Bit.exe" -d C:\Users\Mike\Downloads
Task: {5D3B75D3-2A7D-4DD3-B7D7-83F1A4FAF8AC} - System32\Tasks\{DE188637-B838-4AD1-9DF1-6230C24AA2BD} => pcalua.exe -a C:\Users\Mike\Desktop\mods\escape.pods.1.1.exe -d C:\Users\Mike\Desktop\mods
Task: {5ED42778-4A93-494C-9E0F-86CF2193D036} - System32\Tasks\{2DB056E2-1A08-41F4-BABE-11EB0BCAA9B3} => pcalua.exe -a C:\Users\Mike\Downloads\Range_RAT7_SD7_0_20_0_64Bit_Drivers.exe -d C:\Users\Mike\Downloads
Task: {65C1DC30-4614-44E2-896A-351B481ECA01} - System32\Tasks\{2CEC14F7-5B41-44FA-A8B6-6D3102CE6388} => pcalua.exe -a C:\Users\Mike\Downloads\aleks317.exe -d C:\Users\Mike\Downloads
Task: {74F749D0-00A3-418A-8A62-A6F3A2497BF7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7F1A3050-A448-483D-A08E-A078BCEB798B} - System32\Tasks\{546A1ADE-5B1C-4288-BF6E-35A2AF011084} => pcalua.exe -a C:\KISS\カスタムメイド3D\Installer.exe -c /luninst1
Task: {7FD929B0-B2B4-4460-B85D-F49C49F35930} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3182889431-3709305361-3210593515-1001Core => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24] (Google Inc.)
Task: {9990A400-8802-4B79-8B18-62BE1B219D0C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A97FE877-D9F4-4A0A-BE87-2FFEF9C9B951} - System32\Tasks\{679E65FF-A0A6-436B-BD4A-B9DEAE03C605} => C:\Users\Mike\Downloads\mountandblade_1011_setup.exe [2013-05-05] ()
Task: {AE20F00E-3473-42AF-9939-1EECA93815D0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3182889431-3709305361-3210593515-1001UA => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24] (Google Inc.)
Task: {B8923340-5BF2-4C0C-8403-33BE074D83E8} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {BA67B5A8-8D55-4441-9252-3F01E9265FF6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {BA75839B-B1C0-4A09-AD4E-DBE79968C91F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-17] (AVAST Software)
Task: {BFD1BEFB-517C-4A35-8A5E-BE969BA26F87} - System32\Tasks\{31D7F6BE-90B5-439C-85DF-C032430DEB7D} => C:\Users\Mike\Downloads\mountandblade_1011_setup.exe [2013-05-05] ()
Task: {C776B283-7FDE-435D-B50F-B5B504732B5F} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe <==== ATTENTION
Task: {E74CA184-BEBA-4EF0-9B81-3FFA62741550} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: {FB1C6AA3-0E6F-47B0-984D-0E7C583DED5E} - System32\Tasks\{6375388A-35FE-49B5-ADF1-0ED1444BC400} => pcalua.exe -a E:\Startup.exe -d E:\
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3182889431-3709305361-3210593515-1001Core.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3182889431-3709305361-3210593515-1001UA.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-03-15 07:42 - 2014-12-13 03:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-03-29 10:01 - 2013-03-29 10:01 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-03-15 07:34 - 2009-08-24 16:38 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
2012-03-24 21:48 - 2010-06-04 16:05 - 00430080 _____ () C:\OPTI-SAFE Sentinel for Windows\Sentinel.exe
2014-06-13 19:34 - 2014-06-13 19:34 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-11-17 18:21 - 2014-11-17 18:21 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-17 18:21 - 2014-11-17 18:21 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-26 12:49 - 2014-12-26 12:49 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122601\algo.dll
2014-11-17 18:21 - 2014-11-17 18:21 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-12-27 14:05 - 2014-12-27 14:05 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122701\algo.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-15 07:34 - 2009-03-13 13:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
2014-08-30 08:45 - 2014-11-11 13:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-30 08:45 - 2014-11-11 13:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-30 08:45 - 2014-11-11 13:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-05-06 16:05 - 2014-11-11 13:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-21 15:18 - 2014-11-18 15:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-30 08:45 - 2014-11-11 13:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-30 08:45 - 2014-11-11 13:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-06-05 10:29 - 2014-11-18 15:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-03-29 08:17 - 2013-03-29 08:17 - 00070536 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\Mike\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-26 13:17 - 2014-12-26 13:17 - 00043008 _____ () c:\users\mike\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiuqqco.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\Mike\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\Mike\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\Mike\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-11-17 18:23 - 2014-11-17 18:23 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-11 21:36 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-11 21:36 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-11 21:36 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 21:36 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2013-03-26 15:16 - 2014-11-11 13:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-12-11 21:36 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk => C:\Windows\pss\ZooskMessenger.lnk.Startup
MSCONFIG\startupreg: ZyngaGamesAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3182889431-3709305361-3210593515-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3182889431-3709305361-3210593515-1005 - Limited - Enabled)
Guest (S-1-5-21-3182889431-3709305361-3210593515-501 - Limited - Disabled)
Mike (S-1-5-21-3182889431-3709305361-3210593515-1001 - Administrator - Enabled) => C:\Users\Mike
 
==================== Faulty Device Manager Devices =============
 
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/27/2014 06:46:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13042
 
Error: (12/27/2014 06:46:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13042
 
Error: (12/27/2014 06:46:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/27/2014 06:46:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12043
 
Error: (12/27/2014 06:46:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12043
 
Error: (12/27/2014 06:46:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/27/2014 06:46:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11045
 
Error: (12/27/2014 06:46:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11045
 
Error: (12/27/2014 06:46:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/27/2014 06:46:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10046
 
 
System errors:
=============
Error: (12/26/2014 01:16:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SentinelService service terminated with the following error: 
%%32
 
Error: (12/26/2014 01:15:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The atksgt service failed to start due to the following error: 
%%1275
 
Error: (12/26/2014 01:15:35 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Driver atksgt.sys has been blocked from loading.
 
Error: (12/22/2014 02:42:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The atksgt service failed to start due to the following error: 
%%1275
 
Error: (12/22/2014 02:42:17 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Driver atksgt.sys has been blocked from loading.
 
Error: (12/21/2014 05:49:43 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (12/21/2014 05:49:38 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (12/21/2014 05:49:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (12/21/2014 05:49:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (12/20/2014 10:02:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Client Virtualization Handler service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (12/27/2014 06:46:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13042
 
Error: (12/27/2014 06:46:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13042
 
Error: (12/27/2014 06:46:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/27/2014 06:46:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12043
 
Error: (12/27/2014 06:46:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12043
 
Error: (12/27/2014 06:46:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/27/2014 06:46:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11045
 
Error: (12/27/2014 06:46:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11045
 
Error: (12/27/2014 06:46:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/27/2014 06:46:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10046
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-6100 Six-Core Processor 
Percentage of memory in use: 42%
Total physical RAM: 8173.24 MB
Available physical RAM: 4733.81 MB
Total Pagefile: 16344.66 MB
Available Pagefile: 11607.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:398.84 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5F5C69BE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,159 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:25 AM

Posted 28 December 2014 - 08:31 AM



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001 - (No Name) - {edcc4d90-5790-446e-96fd-1e09ca88ee75} - No File
SearchScopes: HKLM -> {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001 -> {015163BF-FC5C-4143-ABCE-09DED452F2B8} URL = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001 -> {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Extension: (Google Wallet) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [edfidmonehgnlhpkkanhjikdbagbohic] - C:\ProgramData\SaveAs\edfidmonehgnlhpkkanhjikdbagbohic.crx [Not Found]
S3 dump_wmimmc; \??\C:\9Dragons\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
Task: {C776B283-7FDE-435D-B50F-B5B504732B5F} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe <==== ATTENTION
End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST, click Fix only once, and wait.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Using the Add/Remove programs applet, remove these old versions of Java.
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)


Restart the computer to reset the registry.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#8 mikeyssx


Posted 28 December 2014 - 02:47 PM

Here is the fixlog from Farbar:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by Mike at 2014-12-28 14:37:39 Run:1
Running from C:\Users\Mike\Desktop\FRST-OlderVersion
Loaded Profile: Mike (Available profiles: Mike)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001 - (No Name) - {edcc4d90-5790-446e-96fd-1e09ca88ee75} - No File
SearchScopes: HKLM -> {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001 -> {015163BF-FC5C-4143-ABCE-09DED452F2B8} URL = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001 -> {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-3182889431-3709305361-3210593515-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Extension: (Google Wallet) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [edfidmonehgnlhpkkanhjikdbagbohic] - C:\ProgramData\SaveAs\edfidmonehgnlhpkkanhjikdbagbohic.crx [Not Found]
S3 dump_wmimmc; \??\C:\9Dragons\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
Task: {C776B283-7FDE-435D-B50F-B5B504732B5F} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe <==== ATTENTION
End
*****************
 
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{edcc4d90-5790-446e-96fd-1e09ca88ee75} => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}" => Key deleted successfully.
HKCR\CLSID\{21A51130-7285-49FE-B3F6-2385CC71CDEA} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{21A51130-7285-49FE-B3F6-2385CC71CDEA} => Key not found. 
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015163BF-FC5C-4143-ABCE-09DED452F2B8}" => Key deleted successfully.
HKCR\CLSID\{015163BF-FC5C-4143-ABCE-09DED452F2B8} => Key not found. 
"HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}" => Key deleted successfully.
HKCR\CLSID\{21A51130-7285-49FE-B3F6-2385CC71CDEA} => Key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found. 
HKU\S-1-5-21-3182889431-3709305361-3210593515-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => value deleted successfully.
"HKCR\CLSID\{A13C2648-91D4-4BF3-BC6D-0079707C4389}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.7" => Key deleted successfully.
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => Key deleted successfully.
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5" => Key deleted successfully.
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll not found.
C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\edfidmonehgnlhpkkanhjikdbagbohic" => Key deleted successfully.
dump_wmimmc => Service deleted successfully.
EagleX64 => Service deleted successfully.
esgiguard => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C776B283-7FDE-435D-B50F-B5B504732B5F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C776B283-7FDE-435D-B50F-B5B504732B5F}" => Key deleted successfully.
C:\Windows\System32\Tasks\Express Files Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express Files Updater" => Key deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:37:42 ====


#9 mikeyssx


Posted 28 December 2014 - 06:52 PM

For some reason the Security Check isn't working. It just keeps loading and no box is showing up. I tried it as administrator and it still didn't go through; it just froze the screen, and Microsoft said it's not responding.



#10 mikeyssx


Posted 29 December 2014 - 03:17 AM

Now the memory usage has gone up, slowing down my gaming to a crawl.



#11 nasdaq


Posted 29 December 2014 - 09:44 AM

Microsoft recommends that this Update be removed.
http://www.anandtech.com/show/8782/win7-driver-issues-microsoft-amd-recommend-uninstalling-kb3004394

Use the Add/Remove programs applet.

#12 mikeyssx


Posted 29 December 2014 - 09:53 AM

I can't find KB3004394 in my updates. I know they came out with another update to fix the problem, but idk if it worked.



#13 nasdaq


Posted 29 December 2014 - 09:55 AM

Restore your Windows 7 to the Last good configuration.
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

#14 mikeyssx


Posted 29 December 2014 - 09:59 AM

Here is the report from Security Check:

Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 2.0.4.1028  
 Java 8 Update 25  
 Java version out of Date! 
  Adobe Flash Player 16.0.0.235 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (for.) 
 Google Chrome 39.0.2171.71  
 Google Chrome 39.0.2171.95  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 7% 
````````````````````End of Log`````````````````````` 


#15 nasdaq


Posted 29 December 2014 - 10:28 AM

You have the latest version of Java for your 64 bit operating system.

How is the computer running now?



