PC at a stand still, unbearably slow; lots found


  • This topic is locked
15 replies to this topic

#1 Kryptotrigger

Posted 20 January 2015 - 11:49 PM

http://www.bleepingcomputer.com/forums/t/562795/slow-computer-sometimes-at-a-stand-still/#entry3601167

 

This is where we started. I have an HP Pavilion desktop, Windows 8.1. The PC has been running slower and slower, and even after everything that we've done in this previous thread, it has all come back and my PC is so slow: I click to open Chrome and it literally takes 3-4 minutes for it to open and display the homepage (which is just google.com), not to mention the slow load times of even Windows Explorer... At any given time, the CPU runs between 53-75%; 4GB RAM, quad core, so it shouldn't be all that bad. A while back, however, before I started on BleepingComputer, I had run a supposed malware removal tool other than Malwarebytes and it found something and deleted it. After the work in the listed link above, my friend tells me that that program I ran before is known for burying malware deeper, not actually removing it. I fear I may have screwed up big time and it might be hiding from conventional scans. Also, just in full disclosure here, I had run all the tools and things in this thread: http://www.bleepingcomputer.com/forums/t/525055/computerinternet-is-running-ridiculously-slow/ as it seemed close to what I was experiencing. I know the steps were a little different, however, so I'm not sure if I ran something I shouldn't have. Anyway, that's everything. Sorry for the trouble and again, thank you so so much for the help!

 

QUICK EDIT: The page was hanging after I clicked on "Post new topic" and all of a sudden it goes to this page. I get A LOT of some error that says the page is down and click the button to "try a live version". I go to see my topic, and there are like 50 duplicates of this post!! I am so sorry, I have NO idea what is happening to my PC right now :'(

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17416  BrowserJavaVersion: 11.25.2
Run by Forrest at 23:31:39 on 2015-01-20
Microsoft Windows 8.1  6.3.9600.0.1252.1.1033.18.5528.3547 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Host Intrusion Prevention Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HipMgmt.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\windows\system32\mfevtps.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\taskhostex.exe
C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\SettingSyncHost.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
C:\Users\Forrest\AppData\Local\Akamai\netsession_win.exe
C:\Users\Forrest\AppData\Local\Akamai\netsession_win.exe
C:\WINDOWS\system32\taskhost.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SCAN64.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\explorer.exe
C:\Windows\System32\skydrive.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Secunia\PSI\PSI_TRAY.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Users\Forrest\AppData\Local\Temp\nsy1B34.tmp\PEV.DAT
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent
uRun: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
uRun: [uTorrent] "C:\Users\Forrest\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Akamai NetSession Interface] "C:\Users\Forrest\AppData\Local\Akamai\netsession_win.exe"
uRun: [8start] C:\8start Launcher\8start.exe
mRun: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
StartupFolder: C:\Users\Forrest\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\2XMONI~1.LNK - C:\Program Files (x86)\2X\ApplicationServer\TuxMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\NWepo.lnk - C:\Program Files (x86)\Network Associates\NWePO.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-Explorer: EnableShellExecuteHooks = dword:0
mPolicies-System: SynchronousMachineGroupPolicy = dword:0
mPolicies-System: SynchronousUserGroupPolicy = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-System: EnableSecureUIAPath = dword:1
mPolicies-Windows\System: AllowBlockingAppsAtShutdown = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://agents.nationwide.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{7B94CA13-BCAC-45F1-89D6-35C747627CEE} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{7B94CA13-BCAC-45F1-89D6-35C747627CEE} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{9138D720-C0AE-4B66-87ED-F4EA66A5296D} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{9138D720-C0AE-4B66-87ED-F4EA66A5296D}\16474777966696 : DHCPNameServer = 192.168.4.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{9138D720-C0AE-4B66-87ED-F4EA66A5296D}\84F4D454D253034464 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: UrlHook Class - {AFBDFF94-346C-4C3D-AC24-3DA0B41BB6CD} - C:\Program Files (x86)\2X\ApplicationServer\TUXUrlHandler.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-mPolicies-Explorer: EnableShellExecuteHooks = dword:0
x64-mPolicies-System: SynchronousMachineGroupPolicy = dword:0
x64-mPolicies-System: SynchronousUserGroupPolicy = dword:0
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-mPolicies-System: EnableSecureUIAPath = dword:1
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: UrlHook Class - {AFBDFF94-346C-4C3D-AC24-3DA0B41BB6CD} - C:\Program Files (x86)\2X\ApplicationServer\x64\TUXUrlHandler.dll
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\WINDOWS\System32\drivers\amd_sata.sys [2014-6-23 81608]
R0 amd_xata;amd_xata;C:\WINDOWS\System32\drivers\amd_xata.sys [2014-6-23 25800]
R0 intelpep;Intel® Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2014-12-4 39744]
R0 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\drivers\mfehidk.sys [2013-12-14 782968]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\WINDOWS\System32\drivers\mfewfpk.sys [2013-12-14 344176]
R0 MxEFUF;Matrox Extio Upper Function Filter;C:\WINDOWS\System32\drivers\MxEFUF64.sys [2013-12-19 157696]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2014-9-24 157016]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-1-13 75776]
R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\drivers\CLVirtualDrive.sys [2012-9-13 92536]
R1 ctxusbm;Citrix USB Monitor Driver;C:\WINDOWS\System32\drivers\ctxusbm.sys [2013-9-24 97768]
R1 NEOFLTR_740_31481;Juniper Networks TDI Filter Driver (NEOFLTR_740_31481);C:\WINDOWS\System32\drivers\NEOFLTR_740_31481.SYS [2014-7-25 108344]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2013-9-18 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-9-15 344064]
R2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R2 APXACC;AppEx Networks Accelerator LWF;C:\WINDOWS\System32\drivers\appexDrv.sys [2014-11-21 228032]
R2 chromoting;Chrome Remote Desktop Service;C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe [2014-12-15 56648]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [2013-12-18 611152]
R2 HipMgmt;McAfee Host Intrusion Prevention lpc Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HipMgmt.exe [2013-6-12 153352]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\System32\drivers\LMIRfsDriver.sys [2014-5-16 72216]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2013-12-4 127520]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2013-12-14 242448]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2014-1-15 208416]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2014-3-19 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\WINDOWS\System32\mfevtps.exe [2013-12-14 185280]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-12-5 171928]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2014-11-28 1363160]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R3 AmUStor;AM USB Stroage Driver;C:\WINDOWS\System32\drivers\AmUStor.sys [2014-2-13 83224]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\WINDOWS\System32\drivers\L1C62x64.sys [2013-12-16 129224]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\drivers\mfeavfk.sys [2013-12-14 311600]
R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\System32\drivers\mfefirek.sys [2014-3-19 520056]
R3 MonitorFunction;Driver for Monitor;C:\WINDOWS\System32\drivers\TVMonitor.sys [2014-9-2 16376]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2013-8-22 16384]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\WINDOWS\System32\drivers\netr28x.sys [2014-4-5 2531528]
R3 PSI;PSI;C:\WINDOWS\System32\drivers\psi_mf_amd64.sys [2014-11-28 18456]
R3 usbfilter;AMD USB Filter Driver;C:\WINDOWS\System32\drivers\usbfilter.sys [2012-7-16 57000]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\WINDOWS\System32\drivers\mfeelamk.sys [2013-12-14 69344]
S1 mfenlfk;McAfee NDIS Light Filter;C:\WINDOWS\System32\drivers\mfenlfk.sys [2014-3-19 78960]
S2 2X Publishing Agent;2X Publishing Agent;C:\Program Files (x86)\2X\ApplicationServer\2XController.exe [2014-11-18 3420552]
S2 2X Redundancy Service;2X Redundancy Service;C:\Program Files (x86)\2X\ApplicationServer\2XRedundancy.exe [2014-11-18 3016584]
S2 2X SecureClientGateway;2X SecureClientGateway;C:\Program Files (x86)\2X\ApplicationServer\2XProxyGateway.exe [2014-11-18 1952648]
S2 2X Terminal Server Agent;2X Terminal Server Agent;C:\Program Files (x86)\2X\ApplicationServer\2XAgent.exe [2014-11-18 1792392]
S2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2014-11-28 858640]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
S2 PDF Architect Helper Service;PDF Architect Helper Service;C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-4-8 1320496]
S2 PDF Architect Service;PDF Architect Service;C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-4-8 799280]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-12-5 1738168]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-12-5 2088408]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2013-8-22 782176]
S3 ampa;ampa;C:\WINDOWS\System32\ampa.sys [2013-11-12 15288]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2013-8-22 37768]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2013-8-22 37768]
S3 ArcService;Arc Service;C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [2014-12-18 88400]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2013-8-22 17624]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2014-11-21 21712]
S3 FireNfcp;McAfee Inc. FireNfcp;C:\WINDOWS\System32\drivers\FireNfcp.sys [2013-12-14 53728]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\WINDOWS\System32\drivers\HipShieldK.sys [2013-12-14 200616]
S3 iaLPSSi_GPIO;Intel® Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2013-8-22 24568]
S3 iaLPSSi_I2C;Intel® Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2013-8-22 99320]
S3 iaStorAV;Intel® SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2013-8-22 651248]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2014-12-4 114688]
S3 lfsvc;Windows Location Framework Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2013-8-22 37768]
S3 LSI_SAS3;LSI_SAS3;C:\WINDOWS\System32\drivers\lsi_sas3.sys [2013-8-22 81760]
S3 mferkdet;McAfee Inc. mferkdet;C:\WINDOWS\System32\drivers\mferkdet.sys [2013-12-14 107032]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc63.sys [2013-8-22 87040]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2014-9-24 924504]
S3 Revoflt;Revoflt;C:\WINDOWS\System32\drivers\revoflt.sys [2015-1-8 31800]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2014-9-24 146776]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2013-8-22 37768]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2014-9-24 57176]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2013-8-22 26976]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2013-8-22 37768]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2014-12-4 114496]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2014-12-4 368632]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2013-8-22 37768]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2013-8-22 37768]
S4 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2014-1-1 9216]
S4 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-8-29 35232]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2015-01-21 04:17:12 -------- d-----w- C:\Users\Forrest\AppData\Local\Secunia PSI
2015-01-21 04:17:04 -------- d-----w- C:\Program Files (x86)\Secunia
2015-01-20 05:27:13 111016 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge-64.dll
2015-01-20 01:00:19 -------- d-----w- C:\ProgramData\Sophos
2015-01-20 00:59:18 -------- d-----w- C:\Program Files (x86)\Sophos
2015-01-18 23:09:23 1670536 ----a-w- C:\WINDOWS\System32\memshell.exe
2015-01-18 23:09:22 -------- d-----w- C:\ProgramData\2XLogs
2015-01-18 23:09:20 2304904 ----a-w- C:\WINDOWS\System32\2XUnivPrnPM.dll
2015-01-18 23:08:55 -------- d-----w- C:\Program Files (x86)\2X
2015-01-10 17:40:21 -------- d-----w- C:\Users\Forrest\Links
2015-01-10 17:17:04 -------- d-----w- C:\Program Files (x86)\PCSX2 1.2.1
2015-01-10 14:30:35 -------- d-----w- C:\Users\Forrest\AppData\Local\7Wonders2
2015-01-10 00:58:03 -------- d-----w- C:\Users\Forrest\AppData\Local\Uber Entertainment
2015-01-08 12:22:52 -------- d-----w- C:\Users\Forrest\AppData\Local\VS Revo Group
2015-01-08 12:22:48 -------- d-----w- C:\ProgramData\VS Revo Group
2015-01-08 12:22:47 31800 ----a-w- C:\WINDOWS\System32\drivers\revoflt.sys
2015-01-08 12:22:39 -------- d-----w- C:\Program Files\VS Revo Group
2015-01-08 12:14:13 37624 ----a-w- C:\WINDOWS\System32\drivers\TrueSight.sys
2015-01-08 12:14:11 -------- d-----w- C:\ProgramData\RogueKiller
2015-01-08 01:03:18 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-08 00:52:20 -------- d-----w- C:\WINDOWS\ERUNT
2015-01-06 03:16:00 -------- d-----w- C:\Users\Forrest\AppData\Local\Funcom
2015-01-04 21:42:16 2436984 ----a-w- C:\WINDOWS\System32\SNU64.dll
2015-01-04 21:42:15 -------- d-----w- C:\ProgramData\2BrightSparks
2015-01-04 21:42:15 -------- d-----w- C:\Program Files\2BrightSparks
2015-01-03 04:31:02 -------- d-----w- C:\WINDOWS\SysWow64\directx
2015-01-03 04:24:54 -------- d-----w- C:\Program Files (x86)\Cronous_JCPlanet
2015-01-03 03:02:06 -------- d-----w- C:\8start Launcher
2015-01-03 01:03:20 -------- d-----w- C:\Users\Forrest\AppData\Local\Aeria Games
2015-01-03 01:02:47 -------- d-----w- C:\ProgramData\Aeria Games
2015-01-03 01:01:28 -------- d-----w- C:\Program Files (x86)\Aeria Games
2015-01-03 00:59:33 -------- d-----w- C:\Users\Forrest\AppData\Local\Akamai
2015-01-03 00:59:31 -------- d-----w- C:\AeriaGames
2014-12-22 04:50:57 -------- d-----w- C:\Program Files (x86)\RAR Password Unlocker
.
==================== Find3M  ====================
.
2015-01-20 05:22:49 98216 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2015-01-13 04:18:35 135384 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2015-01-13 04:17:48 96472 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2015-01-06 00:08:45 714720 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2015-01-06 00:08:45 106976 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2014-12-19 06:26:49 140800 ----a-w- C:\WINDOWS\System32\drivers\mrxdav.sys
2014-12-12 02:04:36 87040 ----a-w- C:\WINDOWS\System32\TSWbPrxy.exe
2014-12-12 00:51:20 75776 ----a-w- C:\WINDOWS\System32\drivers\ahcache.sys
2014-12-09 01:50:34 225280 ----a-w- C:\WINDOWS\System32\profsvc.dll
2014-12-08 19:42:34 33584 ----a-w- C:\WINDOWS\SysWow64\WerFaultSecure.exe
2014-12-08 19:42:33 535640 ----a-w- C:\WINDOWS\System32\wer.dll
2014-12-08 19:42:33 531616 ----a-w- C:\WINDOWS\System32\ci.dll
2014-12-08 19:42:33 413248 ----a-w- C:\WINDOWS\System32\Faultrep.dll
2014-12-08 19:42:33 108944 ----a-w- C:\WINDOWS\System32\EncDump.dll
2014-12-08 19:42:31 448792 ----a-w- C:\WINDOWS\SysWow64\wer.dll
2014-12-08 19:42:31 372408 ----a-w- C:\WINDOWS\SysWow64\Faultrep.dll
2014-12-08 19:42:26 38264 ----a-w- C:\WINDOWS\System32\WerFaultSecure.exe
2014-12-06 03:17:13 360448 ----a-w- C:\WINDOWS\System32\ncsi.dll
2014-12-06 01:41:58 391680 ----a-w- C:\WINDOWS\System32\nlasvc.dll
2014-12-06 01:35:00 229888 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll
2014-12-05 01:23:16 789184 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2014-12-05 01:23:16 602768 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2014-12-05 01:23:10 2149376 ----a-w- C:\WINDOWS\System32\msxml3.dll
2014-12-05 01:23:10 1346048 ----a-w- C:\WINDOWS\SysWow64\msxml3.dll
2014-12-05 01:21:57 88800 ----a-w- C:\WINDOWS\SysWow64\ncryptsslp.dll
2014-12-05 01:20:25 99328 ----a-w- C:\WINDOWS\SysWow64\hlink.dll
2014-12-05 01:17:33 334336 ----a-w- C:\WINDOWS\SysWow64\puiobj.dll
2014-12-05 01:16:30 590336 ----a-w- C:\WINDOWS\System32\rastls.dll
2014-12-05 01:16:30 514048 ----a-w- C:\WINDOWS\SysWow64\rastls.dll
2014-12-05 01:16:16 95744 ----a-w- C:\WINDOWS\System32\wudriver.dll
2014-12-05 01:16:16 81920 ----a-w- C:\WINDOWS\SysWow64\wudriver.dll
2014-12-05 01:16:16 407552 ----a-w- C:\WINDOWS\System32\WUSettingsProvider.dll
2014-12-05 01:16:16 35840 ----a-w- C:\WINDOWS\System32\wuapp.exe
2014-12-05 01:16:16 29696 ----a-w- C:\WINDOWS\SysWow64\wuapp.exe
2014-12-05 01:16:16 17408 ----a-w- C:\WINDOWS\System32\wuaext.dll
2014-12-05 01:16:16 1714176 ----a-w- C:\WINDOWS\System32\wucltux.dll
2014-12-05 01:16:16 140288 ----a-w- C:\WINDOWS\System32\wuwebv.dll
2014-12-05 01:16:16 124928 ----a-w- C:\WINDOWS\SysWow64\wuwebv.dll
2014-12-05 01:16:05 4182016 ----a-w- C:\WINDOWS\System32\win32k.sys
2014-12-05 01:11:27 62976 ----a-w- C:\WINDOWS\System32\ahadmin.dll
2014-12-05 01:11:27 54784 ----a-w- C:\WINDOWS\System32\admwprox.dll
2014-12-05 01:11:27 192000 ----a-w- C:\WINDOWS\System32\iisRtl.dll
2014-12-05 01:11:27 17408 ----a-w- C:\WINDOWS\System32\iisreset.exe
2014-12-05 01:11:27 15360 ----a-w- C:\WINDOWS\System32\wamregps.dll
2014-12-05 01:11:27 12288 ----a-w- C:\WINDOWS\System32\iisrstap.dll
2014-12-05 01:11:26 51200 ----a-w- C:\WINDOWS\SysWow64\admwprox.dll
2014-12-05 01:11:26 26112 ----a-w- C:\WINDOWS\SysWow64\ahadmin.dll
2014-12-05 01:11:26 16384 ----a-w- C:\WINDOWS\SysWow64\iisreset.exe
2014-12-05 01:11:26 157696 ----a-w- C:\WINDOWS\SysWow64\iisRtl.dll
2014-12-05 01:11:26 11264 ----a-w- C:\WINDOWS\SysWow64\wamregps.dll
2014-12-05 01:11:26 10240 ----a-w- C:\WINDOWS\SysWow64\iisrstap.dll
2014-12-04 22:31:44 18960 ----a-w- C:\WINDOWS\System32\drivers\LNonPnP.sys
2014-12-04 22:30:47 0 ----a-w- C:\WINDOWS\ativpsrm.bin
2014-12-03 23:37:36 227328 ----a-w- C:\WINDOWS\System32\aepdu.dll
2014-12-03 23:09:06 830464 ----a-w- C:\WINDOWS\System32\appraiser.dll
2014-12-02 23:09:13 412672 ----a-w- C:\WINDOWS\System32\generaltel.dll
2014-12-02 23:09:10 740864 ----a-w- C:\WINDOWS\System32\invagent.dll
2014-12-02 23:09:09 396288 ----a-w- C:\WINDOWS\System32\devinv.dll
2014-12-02 23:09:08 192000 ----a-w- C:\WINDOWS\System32\aepic.dll
2014-12-02 23:09:08 1083392 ----a-w- C:\WINDOWS\System32\aeinv.dll
2014-12-02 16:19:25 65536 ----a-w- C:\WINDOWS\System32\spu_storage.bin
2014-11-28 12:02:18 18456 ----a-w- C:\WINDOWS\System32\drivers\psi_mf_amd64.sys
2014-11-22 02:50:10 580096 ----a-w- C:\WINDOWS\System32\vbscript.dll
2014-11-22 02:49:44 417280 ----a-w- C:\WINDOWS\System32\html.iec
2014-11-22 02:48:20 88064 ----a-w- C:\WINDOWS\System32\MshtmlDac.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\WINDOWS\System32\jscript9.dll
2014-11-22 02:07:43 501248 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2014-11-22 02:06:16 340992 ----a-w- C:\WINDOWS\SysWow64\html.iec
2014-11-22 02:05:02 64000 ----a-w- C:\WINDOWS\SysWow64\MshtmlDac.dll
2014-11-22 01:59:16 1032704 ----a-w- C:\WINDOWS\System32\inetcomm.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\WINDOWS\System32\inetcpl.cpl
2014-11-22 01:29:28 880128 ----a-w- C:\WINDOWS\SysWow64\inetcomm.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\WINDOWS\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\WINDOWS\SysWow64\inetcpl.cpl
2014-11-22 01:00:20 1888256 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2014-11-22 00:06:03 21712 ----a-w- C:\WINDOWS\SysWow64\drivers\DrvAgent64.SYS
2014-11-21 11:14:26 64216 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2014-11-21 11:14:08 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2014-11-19 07:29:32 582552 ------w- C:\WINDOWS\System32\AutoUpdate.exe
2014-11-10 02:29:26 34304 ----a-w- C:\WINDOWS\System32\DeviceSetupStatusProvider.dll
2014-11-10 01:51:49 28672 ----a-w- C:\WINDOWS\SysWow64\DeviceSetupStatusProvider.dll
2014-11-07 04:16:02 1762840 ----a-w- C:\WINDOWS\System32\WindowsCodecs.dll
2014-11-07 03:26:52 1489072 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2014-10-31 23:57:48 1091072 ----a-w- C:\WINDOWS\System32\MrmCoreR.dll
2014-10-31 23:47:59 790528 ----a-w- C:\WINDOWS\SysWow64\MrmCoreR.dll
2014-10-30 23:39:13 1970432 ----a-w- C:\WINDOWS\System32\crypt32.dll
2014-10-30 23:38:56 1612992 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll
2014-10-30 22:37:31 129536 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2014-10-30 22:34:07 146432 ----a-w- C:\WINDOWS\System32\poqexec.exe
2014-10-29 04:00:24 465320 ----a-w- C:\WINDOWS\System32\WerFault.exe
2014-10-29 04:00:23 139984 ----a-w- C:\WINDOWS\System32\wermgr.exe
2014-10-29 03:52:49 500016 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2014-10-29 03:52:48 394120 ----a-w- C:\WINDOWS\System32\AUDIOKSE.dll
2014-10-29 03:52:48 272248 ----a-w- C:\WINDOWS\System32\audiodg.exe
2014-10-29 03:52:43 482872 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2014-10-29 03:12:03 413136 ----a-w- C:\WINDOWS\SysWow64\WerFault.exe
2014-10-29 03:12:03 136296 ----a-w- C:\WINDOWS\SysWow64\wermgr.exe
2014-10-29 03:07:09 370424 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2014-10-29 03:07:02 344536 ----a-w- C:\WINDOWS\SysWow64\AUDIOKSE.dll
.
============= FINISH: 23:32:40.66 ===============

Edited by Kryptotrigger, 20 January 2015 - 11:56 PM.




#2 Kryptotrigger


Posted 21 January 2015 - 12:06 AM

Other quick note I forgot to mention: the online scanner from the second link in the post found a trojan. In the first link, you can see where my hosts file was hijacked, and I believe Malwarebytes had found a threat, but I had it delete it per the guy's instructions. Just forgot to add that in to the first thing.



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,058 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:26 PM

Posted 23 January 2015 - 11:49 AM

Greetings Kryptotrigger and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!


Posted 26 January 2015 - 10:47 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#5 Oh My!


Posted 28 January 2015 - 11:46 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 

#6 Oh My!


Posted 29 January 2015 - 08:24 PM

This topic has been re-opened at the request of the person who originally posted.
Gary
 

#7 Kryptotrigger


Posted 30 January 2015 - 09:08 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Forrest (administrator) on HYAKKASEIHOU on 30-01-2015 21:00:48
Running from C:\Users\Forrest\Downloads
Loaded Profiles: Forrest (Available profiles: Forrest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe
(McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HipMgmt.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Akamai Technologies, Inc.) C:\Users\Forrest\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(8start.com) C:\8start Launcher\8start.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Akamai Technologies, Inc.) C:\Users\Forrest\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-06-06] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-06] (IDT, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1133584 2014-11-28] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 0
HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\Run: [DriverMax] => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe [8811896 2014-11-17] (Innovative Solutions)
HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\Run: [uTorrent] => "C:\Users\Forrest\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Forrest\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\Run: [8start] => C:\8start Launcher\8start.exe [2404352 2011-06-03] (8start.com)
HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NWepo.lnk
ShortcutTarget: NWepo.lnk -> C:\Program Files (x86)\Network Associates\NWePO.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3308819416-815019441-780761082-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3308819416-815019441-780761082-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3308819416-815019441-780761082-1001 -> {5258D3B8-142E-42F7-9364-C3FD087834AA} URL = 
SearchScopes: HKU\S-1-5-21-3308819416-815019441-780761082-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {9916D178-71C8-4764-969C-95B9B67A1F76} https://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://agents.nationwide.com/dana-cached/sc/JuniperSetupClient.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
ShellExecuteHooks: UrlHook Class - {AFBDFF94-346C-4C3D-AC24-3DA0B41BB6CD} - C:\Program Files (x86)\2X\ApplicationServer\x64\TUXUrlHandler.dll [102280 2014-11-18] (2X Software Ltd.)
ShellExecuteHooks-x32: UrlHook Class - {AFBDFF94-346C-4C3D-AC24-3DA0B41BB6CD} - C:\Program Files (x86)\2X\ApplicationServer\TUXUrlHandler.dll [96136 2014-11-18] (2X Software Ltd.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{7B94CA13-BCAC-45F1-89D6-35C747627CEE}: [NameServer] 8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-10-18]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-01-01]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-01-01]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-12-14]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-07-26]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-01]
CHR Extension: (Google Drive) - C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-01]
CHR Extension: (Adblock Plus) - C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-01]
CHR Extension: (Google Search) - C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-01]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-07-26]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-06-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-12]
CHR Extension: (Google Wallet) - C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-01]
CHR Extension: (Gmail) - C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-01]
CHR HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 2X Publishing Agent; C:\Program Files (x86)\2X\ApplicationServer\2XController.exe [3420552 2014-11-18] (2X Software Ltd.)
S2 2X Redundancy Service; C:\Program Files (x86)\2X\ApplicationServer\2XRedundancy.exe [3016584 2014-11-18] (2X Software Ltd.)
S2 2X SecureClientGateway; C:\Program Files (x86)\2X\ApplicationServer\2XProxyGateway.exe [1952648 2014-11-18] (2X Software Ltd.)
S2 2X Terminal Server Agent; C:\Program Files (x86)\2X\ApplicationServer\2XAgent.exe [1792392 2014-11-18] (2X Software Ltd.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-12-18] (Perfect World Entertainment Inc)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [858640 2014-11-28] (AVG Technologies CZ, s.r.o.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe [56648 2014-12-15] (Google Inc.)
R2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [611152 2013-12-18] (McAfee, Inc.)
S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-12-12] (Ellora Assets Corp.) [File not signed]
R2 HipMgmt; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HipMgmt.exe [153352 2013-06-12] (McAfee, Inc.)
S4 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [127520 2013-12-04] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2014-03-19] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [208416 2014-01-15] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2013-12-18] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [185280 2013-12-18] (McAfee, Inc.)
S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-06] (IDT, Inc.) [File not signed]
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-12-04] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-12-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-12-04] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ampa; C:\windows\system32\ampa.sys [15288 2011-12-26] () [File not signed]
S3 ampa; C:\windows\SysWOW64\ampa.sys [12728 2011-12-26] () [File not signed]
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [228032 2014-08-08] (AppEx Networks Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 FireNfcp; C:\Windows\System32\drivers\FireNfcp.sys [53728 2014-08-12] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [200616 2013-12-18] (McAfee, Inc.)
R3 L1C; C:\Windows\system32\DRIVERS\L1C62x64.sys [129224 2013-08-22] (Qualcomm Atheros Co., Ltd.)
R0 LPCFilter; C:\Windows\System32\drivers\LPCFilter.sys [31024 2012-08-02] (Windows ® Win 7 DDK provider)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2013-12-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2013-12-18] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520056 2013-12-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2013-12-18] (McAfee, Inc.)
S1 mfenlfk; C:\Windows\system32\DRIVERS\mfenlfk.sys [78960 2013-12-18] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2014-03-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2013-12-18] (McAfee, Inc.)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
R1 NEOFLTR_740_31481; C:\windows\system32\Drivers\NEOFLTR_740_31481.SYS [108344 2014-06-07] (Juniper Networks)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-12-04] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-30 21:00 - 2015-01-30 21:01 - 00024976 _____ () C:\Users\Forrest\Downloads\FRST.txt
2015-01-30 20:59 - 2015-01-30 21:00 - 00000000 ____D () C:\FRST
2015-01-30 20:58 - 2015-01-30 20:58 - 02130432 _____ (Farbar) C:\Users\Forrest\Downloads\FRST64.exe
2015-01-20 23:29 - 2015-01-20 23:29 - 00688992 ____R (Swearware) C:\Users\Forrest\Desktop\dds.com
2015-01-20 23:17 - 2015-01-20 23:17 - 00001087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-01-20 23:17 - 2015-01-20 23:17 - 00000000 ____D () C:\Users\Forrest\AppData\Local\Secunia PSI
2015-01-20 23:17 - 2015-01-20 23:17 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-01-20 23:08 - 2015-01-20 23:09 - 00001198 _____ () C:\DelFix.txt
2015-01-20 00:27 - 2015-01-20 00:27 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-01-19 20:00 - 2015-01-19 20:00 - 00000000 ____D () C:\ProgramData\Sophos
2015-01-19 19:59 - 2015-01-19 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-01-19 19:59 - 2015-01-19 19:59 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-01-18 18:09 - 2014-11-18 11:10 - 02304904 _____ (2X Software Ltd.) C:\WINDOWS\system32\2XUnivPrnPM.dll
2015-01-18 18:09 - 2014-11-18 10:58 - 01670536 _____ (2X Software Ltd.) C:\WINDOWS\system32\memshell.exe
2015-01-18 18:08 - 2015-01-18 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2X
2015-01-18 18:08 - 2015-01-18 18:08 - 00000000 ____D () C:\Program Files (x86)\2X
2015-01-18 18:07 - 2015-01-18 18:07 - 02558394 _____ () C:\Users\Forrest\Downloads\2xjavaclient.zip
2015-01-18 18:06 - 2015-01-18 18:07 - 96460800 _____ () C:\Users\Forrest\Downloads\2xappserver.msi
2015-01-18 18:06 - 2015-01-18 18:06 - 12156928 _____ () C:\Users\Forrest\Downloads\2XWebPortal-x64.msi
2015-01-18 13:00 - 2015-01-19 19:27 - 00000000 ____D () C:\Users\Forrest\Downloads\Godzilla.2014.3D.1080p.BluRay.x264-SPRiNTER[rarbg]
2015-01-18 10:28 - 2015-01-18 11:54 - 00000000 ____D () C:\Users\Forrest\Downloads\Batman.Arkham.City.PS3
2015-01-18 10:06 - 2015-01-18 10:06 - 00991232 _____ () C:\Users\Forrest\Downloads\MicrosoftFixit50267.msi
2015-01-14 21:18 - 2015-01-24 19:56 - 00000377 _____ () C:\WINDOWS\setupact.log
2015-01-14 21:18 - 2015-01-14 21:18 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-14 21:17 - 2015-01-19 19:37 - 00002082 _____ () C:\WINDOWS\PFRO.log
2015-01-13 19:53 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 19:53 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 19:53 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 19:53 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 19:53 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 19:53 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 19:53 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 19:53 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 19:53 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 19:53 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 19:53 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 19:53 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 19:53 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 19:53 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 19:53 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 19:53 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-13 19:53 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-13 19:53 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-13 19:53 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-13 19:53 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-13 19:53 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-13 19:53 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-13 19:53 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-13 19:53 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-13 19:53 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-13 19:53 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-13 19:53 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-13 19:53 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-13 19:53 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-13 19:53 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-13 19:53 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-11 18:27 - 2015-01-11 18:27 - 00000000 ____D () C:\Users\Forrest\Documents\Diablo III
2015-01-11 01:19 - 2015-01-11 01:20 - 41753664 _____ () C:\Users\Forrest\Downloads\multiMAN_ver_04.66.09_BASE_CEX_(20150107).pkg.952.v04.66.09_brewology_com.pkg
2015-01-10 14:44 - 2015-01-30 20:25 - 01421397 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-10 12:43 - 2015-01-18 10:14 - 00000000 ____D () C:\Users\Forrest\Downloads\Protection
2015-01-10 12:18 - 2015-01-10 12:26 - 00000000 ____D () C:\Users\Forrest\Documents\PCSX2
2015-01-10 12:17 - 2015-01-10 12:37 - 00000000 ____D () C:\Program Files (x86)\PCSX2 1.2.1
2015-01-10 12:17 - 2015-01-10 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2015-01-10 09:30 - 2015-01-10 09:30 - 00000064 _____ () C:\WINDOWS\GPlrLanc.dat
2015-01-09 19:58 - 2015-01-09 19:58 - 00000000 ____D () C:\Users\Forrest\AppData\Local\Uber Entertainment
2015-01-08 07:22 - 2015-01-08 07:22 - 00000000 ____D () C:\Users\Forrest\AppData\Local\VS Revo Group
2015-01-08 07:22 - 2015-01-08 07:22 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-01-08 07:22 - 2015-01-08 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-01-08 07:22 - 2015-01-08 07:22 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-08 07:22 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2015-01-08 07:14 - 2015-01-08 07:14 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-01-08 07:14 - 2015-01-08 07:14 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-07 20:03 - 2015-01-12 23:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-07 19:52 - 2015-01-20 23:08 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-05 22:16 - 2015-01-05 22:16 - 00000000 ____D () C:\Users\Forrest\AppData\Local\Funcom
2015-01-04 16:42 - 2015-01-04 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2BrightSparks
2015-01-04 16:42 - 2015-01-04 16:42 - 00000000 ____D () C:\ProgramData\2BrightSparks
2015-01-04 16:42 - 2015-01-04 16:42 - 00000000 ____D () C:\Program Files\2BrightSparks
2015-01-04 16:42 - 2012-05-10 08:31 - 02436984 _____ (2BrightSparks Pte Ltd) C:\WINDOWS\system32\SNU64.dll
2015-01-04 03:14 - 2015-01-11 01:10 - 00000000 ____D () C:\Users\Forrest\Downloads\rpcs3-3d2aa62-windows-x86-64
2015-01-02 23:31 - 2015-01-10 13:07 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2015-01-02 23:25 - 2015-01-02 23:25 - 00000000 ____D () C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cronous_JCPlanet
2015-01-02 23:24 - 2015-01-03 00:46 - 00000000 ____D () C:\Program Files (x86)\Cronous_JCPlanet
2015-01-02 22:02 - 2015-01-02 22:06 - 00000000 ____D () C:\8start Launcher
2015-01-02 22:02 - 2015-01-02 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8start Launcher
2015-01-02 21:46 - 2015-01-02 21:46 - 00002120 _____ () C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2015-01-02 21:46 - 2015-01-02 21:46 - 00000000 ____D () C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2015-01-02 21:41 - 2015-01-02 21:41 - 00001560 _____ () C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JagexLauncher.lnk
2015-01-02 20:13 - 2015-01-10 13:07 - 00000000 ____D () C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2015-01-02 20:03 - 2015-01-02 20:03 - 00000000 ____D () C:\Users\Forrest\AppData\Local\Aeria Games
2015-01-02 20:02 - 2015-01-02 20:02 - 00000000 ____D () C:\ProgramData\Aeria Games
2015-01-02 20:01 - 2015-01-02 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
2015-01-02 20:01 - 2015-01-02 20:01 - 00000000 ____D () C:\Program Files (x86)\Aeria Games
2015-01-02 19:59 - 2015-01-10 13:16 - 00000000 ____D () C:\AeriaGames
2015-01-02 19:59 - 2015-01-02 19:59 - 00000000 ____D () C:\Users\Forrest\AppData\Local\Akamai
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-30 20:57 - 2013-10-02 19:48 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 20:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-30 19:15 - 2013-10-02 07:38 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{89DB70AA-EBC6-444D-ABB0-3A85E8B3E75B}
2015-01-30 00:10 - 2013-10-02 07:45 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3308819416-815019441-780761082-1001
2015-01-29 22:57 - 2013-10-02 19:48 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-28 20:15 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-26 15:57 - 2014-10-13 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-25 13:54 - 2013-12-17 22:23 - 00000000 ____D () C:\Quarantine
2015-01-24 15:29 - 2013-10-06 21:01 - 00000000 ____D () C:\Users\Forrest\AppData\Roaming\uTorrent
2015-01-24 15:20 - 2014-12-11 14:13 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 15:20 - 2014-12-11 14:13 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 11:06 - 2014-12-04 17:40 - 00000000 ____D () C:\Users\Forrest
2015-01-22 19:42 - 2014-09-09 21:55 - 00000334 _____ () C:\WINDOWS\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job
2015-01-22 00:51 - 2013-10-02 04:04 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-21 21:04 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-20 23:10 - 2014-12-04 18:20 - 00000000 ____D () C:\Users\Forrest\OneDrive
2015-01-20 00:24 - 2013-11-26 18:39 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-20 00:22 - 2014-12-04 15:59 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-19 19:42 - 2013-12-14 10:46 - 00002146 _____ () C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee VirusScan Scan Messages.lnk
2015-01-19 19:37 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-19 18:55 - 2014-06-21 19:42 - 00000000 ____D () C:\Users\Forrest\AppData\Local\Battle.net
2015-01-19 09:39 - 2014-06-21 19:44 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-01-19 04:08 - 2013-10-03 18:47 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-19 03:56 - 2013-10-03 18:47 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-18 10:09 - 2013-11-26 18:35 - 00000046 _____ () C:\Users\Forrest\jagex_cl_runescape_LIVE.dat
2015-01-18 10:04 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-15 22:11 - 2014-09-13 20:07 - 00000000 ____D () C:\Users\Forrest\AppData\Local\CrashDumps
2015-01-14 21:19 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-14 21:17 - 2012-09-13 04:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-14 21:16 - 2013-08-22 08:25 - 79167488 _____ () C:\WINDOWS\system32\config\software.rcbak
2015-01-14 21:16 - 2013-08-22 08:25 - 17039360 _____ () C:\WINDOWS\system32\config\system.rcbak
2015-01-14 21:16 - 2013-08-22 08:25 - 00262144 _____ () C:\WINDOWS\system32\config\default.rcbak
2015-01-14 21:16 - 2013-08-22 08:25 - 00028672 _____ () C:\WINDOWS\system32\config\sam.rcbak
2015-01-14 21:16 - 2013-08-22 08:25 - 00024576 _____ () C:\WINDOWS\system32\config\security.rcbak
2015-01-12 23:18 - 2014-11-22 19:41 - 00135384 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-12 23:17 - 2014-11-22 19:41 - 00096472 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-11 21:56 - 2013-12-03 18:15 - 00000000 ____D () C:\Users\Forrest\AppData\Roaming\vlc
2015-01-11 01:10 - 2013-12-16 14:22 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-10 19:44 - 2014-12-01 18:39 - 00000467 ____H () C:\Users\Forrest\Desktop\Nationwide SSL VPN.website
2015-01-10 19:39 - 2013-12-19 18:21 - 00003340 _____ () C:\WINDOWS\System32\Tasks\IE11
2015-01-10 12:44 - 2014-11-17 19:45 - 00000000 ____D () C:\Users\Forrest\Documents\Bills
2015-01-10 12:44 - 2013-10-18 18:26 - 00215552 ___SH () C:\Users\Forrest\Documents\Thumbs.db
2015-01-10 12:10 - 2014-06-28 13:53 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-01-10 11:56 - 2014-06-22 11:00 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2015-01-10 11:55 - 2014-06-22 10:57 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-01-10 09:22 - 2014-06-21 17:59 - 00000000 ____D () C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-08 19:24 - 2014-01-18 12:51 - 00000000 ____D () C:\Users\Forrest\Documents\Alcohol 120% 2.0.2.5629 Final Retail Multilingual - {Cyclonoid}
2015-01-04 18:07 - 2014-09-24 02:15 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-04 16:56 - 2013-11-12 11:05 - 00000000 ____D () C:\Program Files\Recuva
2015-01-04 16:34 - 2014-01-23 15:27 - 00000000 ____D () C:\Users\Forrest\Documents\Work
2015-01-03 20:35 - 2014-06-26 18:08 - 00000000 ____D () C:\Program Files (x86)\Diablo III Public Test
2015-01-03 20:32 - 2014-06-21 19:42 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-02 22:05 - 2014-03-23 12:26 - 00000000 ____D () C:\Users\Forrest\AppData\Roaming\.StarMade
2015-01-02 21:43 - 2013-11-26 18:35 - 00000024 _____ () C:\Users\Forrest\random.dat
2015-01-02 20:24 - 2013-12-30 23:24 - 00000000 ____D () C:\Users\Forrest\Documents\The Hobbit - An Unexpected Journey 2012 Extended 1080p DTS-HighCode
2015-01-02 19:50 - 2014-11-14 21:35 - 00000000 ____D () C:\Users\Public\Documents\Arc
 
==================== Files in the root of some directories =======
 
2014-01-01 16:02 - 2014-06-30 18:15 - 0000096 _____ () C:\Users\Forrest\AppData\Roaming\Camdata.ini
2014-01-01 16:02 - 2014-06-30 18:15 - 0000408 _____ () C:\Users\Forrest\AppData\Roaming\CamLayout.ini
2014-01-01 16:02 - 2014-06-30 18:15 - 0000408 _____ () C:\Users\Forrest\AppData\Roaming\CamShapes.ini
2014-01-01 16:02 - 2014-06-30 18:15 - 0004535 _____ () C:\Users\Forrest\AppData\Roaming\CamStudio.cfg
2014-01-01 15:57 - 2014-06-30 18:13 - 0000096 _____ () C:\Users\Forrest\AppData\Roaming\version2.xml
2013-10-13 14:56 - 2013-10-13 15:02 - 0001057 _____ () C:\Users\Forrest\AppData\Roaming\vso_ts_preview.xml
2014-01-01 16:57 - 2014-01-01 16:57 - 0000027 _____ () C:\Users\Forrest\AppData\Roaming\WB.CFG
2014-12-03 11:48 - 2014-12-03 11:48 - 0007602 _____ () C:\Users\Forrest\AppData\Local\Resmon.ResmonCfg
2013-10-02 07:39 - 2014-09-04 08:39 - 0000331 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Files to move or delete:
====================
C:\Users\Forrest\jagex_cl_runescape_LIVE.dat
C:\Users\Forrest\jagex_cl_runescape_LIVE1.dat
C:\Users\Forrest\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Forrest\AppData\Local\Temp\Quarantine.exe
C:\Users\Forrest\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-22 05:11
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by Forrest at 2015-01-30 21:02:17
Running from C:\Users\Forrest\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Host Intrusion Prevention Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
2X Remote Application Server (HKLM-x32\...\{12C9DA9E-69E0-4DD3-B555-C86B04C95750}) (Version: 12.0.2392 - 2X Software Ltd.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 15 Pepper (HKLM-x32\...\Adobe Flash Player Pepper) (Version: 15.0.0.215 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Age of Conan (HKLM-x32\...\Age of Conan) (Version:  - )
Akamai NetSession Interface (HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alliance of Valiant Arms (HKLM-x32\...\Alliance of Valiant Arms) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.2.0 - AppEx Networks)
And Yet It Moves (HKLM-x32\...\Steam App 18700) (Version:  - Broken Rules)
AOMEI Partition Assistant Standard Edition 5.2 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - Aomei Technology Co., Ltd.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
Aura Kingdom (HKLM-x32\...\Aura Kingdom) (Version:  - )
AVG (HKLM\...\AvgZen) (Version: 1.0.445 - AVG Technologies)
AVG Zen (Version: 1.0.445 - AVG Technologies) Hidden
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9046 - )
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version:  - Gaijin Games)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Cave Story+ (HKLM-x32\...\Steam App 200900) (Version:  - Nicalis)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
ChaosHeroesOnline (HKLM-x32\...\ChaosHeroesOnline) (Version:  - )
Chrome Remote Desktop Host (HKLM-x32\...\{6FC79C95-F54F-4515-8012-01F33D894492}) (Version: 40.0.2214.44 - Google Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Cogs (HKLM-x32\...\Steam App 26500) (Version:  - Lazy 8 Studios)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Crayon Physics Deluxe (HKLM-x32\...\Steam App 26900) (Version:  - Kloonigames)
Cronous_JCPlanet v20141113 (HKLM-x32\...\Cronous_JCPlanet) (Version: v20141113 - GameOn)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defiance (HKLM-x32\...\Glyph Defiance) (Version:  - Trion Worlds, Inc.)
DeleteOnClick (HKLM\...\DeleteOnClick_is1) (Version:  - 2BrightSparks)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.84 - DivX, LLC)
DriverMax 7 (HKLM-x32\...\DMX5_is1) (Version: 7.45.0.740 - Innovative Solutions)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - Trendy Entertainment)
Eden Eternal (HKLM-x32\...\Eden Eternal) (Version:  - )
Elsword (HKLM-x32\...\Elsword) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
FMW 1 (Version: 1.0.307 - AVG Technologies) Hidden
Freemake Video Converter version 4.0.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.4 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.6.2 - Ellora Assets Corporation)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gratuitous Space Battles (HKLM-x32\...\Steam App 41800) (Version:  - Positech Games)
Hammerfight (HKLM-x32\...\Steam App 41100) (Version:  - Konstantin Koshutin)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
Jamestown (HKLM-x32\...\Steam App 94200) (Version:  - Final Form Games)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Juniper Networks Host Checker (HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\Neoteris_Host_Checker) (Version: 7.4.0.31481 - Juniper Networks)
Juniper Networks Secure Application Manager (HKLM-x32\...\Neoteris_Secure_Application_Manager) (Version: 7.4.0.31481 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\Juniper_Setup_Client) (Version: 7.4.11.47145 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
K-Lite Codec Pack 10.6.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
League of Angels version 2.1.1 (HKLM-x32\...\{5F5CDBCD-CA12-4C28-84CC-897BB1443117}_is1) (Version: 2.1.1 - YOUZU Games Hongkong Limited)
Legend of Grimrock (HKLM-x32\...\Steam App 207170) (Version:  - Almost Human Games)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Maestia (HKLM-x32\...\Maestia) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Agent (HKLM-x32\...\{EBF3D65F-011E-44D2-8F4F-C74B52682EDD}) (Version: 4.8.0.1500 - McAfee, Inc.)
McAfee Host Intrusion Prevention (HKLM\...\{D2B9C003-A3CD-44A0-9DE5-52FE986C03E5}_Uninst) (Version: 8.00.0402 - McAfee, Inc.)
McAfee Host Intrusion Prevention (Version: 8.00.0402 - McAfee, Inc.) Hidden
McAfee Host Intrusion Prevention (x32 Version: 8.00.0000 - McAfee, Inc.) Hidden
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.04001 - McAfee, Inc.)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft1.8 (HKLM-x32\...\Minecraft1.8) (Version:  - )
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - Pocketwatch Games)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music AlarmClock v2.1.0 (HKLM-x32\...\{BEEB434F-CAFE-4708-BE3A-7C61587FA8C8}) (Version: 2.1.0 - B. Whittington Yuille)
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF to ePub Converter 3.0.6 (HKLM-x32\...\PDF to ePub Converter_is1) (Version:  - DONGSOFT Company, Inc.)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version:  - Uber Entertainment)
Plex Media Server (HKLM-x32\...\{320e1eaa-7462-4b47-af2c-1539ff68bfa5}) (Version: 0.9.912 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.912 - Plex, Inc.) Hidden
PSeMu3 (HKLM-x32\...\PSeMu3) (Version: 0.9.5.2 - Playstation3emulator.net)
Ragnarok Online 2 (HKLM-x32\...\Ragnarok Online 2) (Version:  - )
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
RIFT (HKLM-x32\...\Glyph RIFT) (Version:  - Trion Worlds, Inc.)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
ScarletBlade (HKLM-x32\...\ScarletBlade) (Version:  - )
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Shaiya (HKLM-x32\...\Shaiya) (Version:  - )
Soldier Front 2 (HKLM-x32\...\Soldier Front 2) (Version:  - )
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Star Wars®: Knights of the Old Republic ™ (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Swiff Player 1.7.2 (HKLM-x32\...\Swiff Player_is1) (Version: 1.7.2 - GlobFX Technologies)
System Requirements Lab CYRI (HKLM-x32\...\{1110A014-1471-4B66-BFDC-E8EED120CC59}) (Version: 6.0.20.0 - Husdawg, LLC)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Long Dark (HKLM-x32\...\Steam App 305620) (Version:  - Hinterland Studio Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VVVVVV (HKLM-x32\...\Steam App 70300) (Version:  - Terry Cavanagh)
Watchtower Library 2012 - English (HKLM-x32\...\{11B5A3EB-8B76-46A9-A4B7-1C1FF5A3AAFD}) (Version: 14.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Windows 8 Manager (HKLM\...\{BDACD6D6-0D4F-49C2-93E4-92407EB87696}) (Version: 2.0.1 - Yamicsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Wizorb (HKLM-x32\...\Steam App 207420) (Version:  - Tribute Games)
World of Goo (HKLM-x32\...\Steam App 22000) (Version:  - 2D BOY)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
20-01-2015 23:08:42 End of disinfection
28-01-2015 05:25:35 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-01-18 10:11 - 2015-01-18 10:11 - 00000831 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {03D6963D-8145-406C-A57F-86DF24849905} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {100C89FC-E4A2-4D91-B9B9-898B33745B0F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {12958D5C-ACFD-440E-BB16-B4AD5F17DA8A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-19] (Microsoft Corporation)
Task: {2A93EB1C-9B91-496F-AAB4-2EA67B050BFE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {3F779AFA-0429-46F3-917E-053C854CAA03} - System32\Tasks\IE10 => reg
Task: {4AA17922-8E4F-440E-834D-E3F6FA168BED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-02] (Google Inc.)
Task: {588C41C6-3201-4007-85DF-FD117DC77340} - System32\Tasks\DivX online update program => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-08-28] ()
Task: {85153DBB-3AC8-41DA-ADD2-B463DEE4D8C3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {AB073268-C365-4591-80F8-F6BF61E9F900} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-02] (Google Inc.)
Task: {C37C5ED0-4DC2-41C7-9419-E809419CB722} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {C7FB2A15-5441-45BC-81C0-4F2D4172430D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {CE7516F8-87A0-4596-916A-C4D4D3222FF9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {D706F4A0-265D-481E-A347-215EE854F091} - System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe [2014-11-17] (Innovative Solutions)
Task: {F3A613A9-CDB6-4107-BA3D-AFD566763C17} - System32\Tasks\IE11 => reg
Task: C:\WINDOWS\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-15 18:13 - 2014-09-15 18:13 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2007-04-18 18:30 - 2007-04-18 18:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 18:30 - 2007-04-18 18:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2014-12-05 02:02 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-05 02:02 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-26 20:58 - 2015-01-25 01:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-26 20:58 - 2015-01-25 01:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-26 20:58 - 2015-01-25 01:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:FB1B13D8
AlternateDataStreams: C:\Users\Forrest\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "NWepo.lnk"
HKLM\...\StartupApproved\Run: => "BeatsOSDApp"
HKLM\...\StartupApproved\Run: => "LogMeIn GUI"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "CitrixReceiver"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\StartupApproved\Run: => "cdloader"
HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\StartupApproved\Run: => "AlcoholAutomount"
HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\StartupApproved\Run: => "DriverMax"
HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\StartupApproved\Run: => "DriverMax_RESTART"
HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\StartupApproved\Run: => "Plex Media Server"
HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\StartupApproved\Run: => "Spybot-S&D Cleaning"
HKU\S-1-5-21-3308819416-815019441-780761082-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3308819416-815019441-780761082-500 - Administrator - Disabled)
Forrest (S-1-5-21-3308819416-815019441-780761082-1001 - Administrator - Enabled) => C:\Users\Forrest
Guest (S-1-5-21-3308819416-815019441-780761082-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3308819416-815019441-780761082-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/30/2015 08:59:34 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (01/30/2015 03:36:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/30/2015 03:36:18 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
 
Error: (01/30/2015 03:31:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/30/2015 03:31:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
 
Error: (01/29/2015 04:58:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/29/2015 04:58:10 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
 
Error: (01/28/2015 05:23:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/28/2015 05:23:26 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
 
Error: (01/28/2015 05:19:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (01/30/2015 09:03:13 PM) (Source: DCOM) (EventID: 10010) (User: HYAKKASEIHOU)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/28/2015 08:23:59 PM) (Source: DCOM) (EventID: 10010) (User: HYAKKASEIHOU)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/28/2015 08:23:29 PM) (Source: DCOM) (EventID: 10010) (User: HYAKKASEIHOU)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/28/2015 08:22:59 PM) (Source: DCOM) (EventID: 10010) (User: HYAKKASEIHOU)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/28/2015 08:22:29 PM) (Source: DCOM) (EventID: 10010) (User: HYAKKASEIHOU)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/24/2015 03:43:34 PM) (Source: DCOM) (EventID: 10010) (User: HYAKKASEIHOU)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/24/2015 03:43:04 PM) (Source: DCOM) (EventID: 10010) (User: HYAKKASEIHOU)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/24/2015 03:41:38 PM) (Source: DCOM) (EventID: 10010) (User: HYAKKASEIHOU)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/24/2015 03:41:08 PM) (Source: DCOM) (EventID: 10010) (User: HYAKKASEIHOU)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/24/2015 03:40:38 PM) (Source: DCOM) (EventID: 10010) (User: HYAKKASEIHOU)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
 
Microsoft Office Sessions:
=========================
Error: (01/30/2015 08:59:34 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files\CCleaner\CCleaner64.exe
 
Error: (01/30/2015 03:36:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe
 
Error: (01/30/2015 03:36:18 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestc:\program files\ccleaner\CCleaner.exe
 
Error: (01/30/2015 03:31:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe
 
Error: (01/30/2015 03:31:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestc:\program files\ccleaner\CCleaner.exe
 
Error: (01/29/2015 04:58:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe
 
Error: (01/29/2015 04:58:10 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestc:\program files\ccleaner\CCleaner.exe
 
Error: (01/28/2015 05:23:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe
 
Error: (01/28/2015 05:23:26 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestc:\program files\ccleaner\CCleaner.exe
 
Error: (01/28/2015 05:19:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-5500 APU with Radeon™ HD Graphics 
Percentage of memory in use: 25%
Total physical RAM: 5527.5 MB
Available physical RAM: 4144 MB
Total Pagefile: 6871.5 MB
Available Pagefile: 4678.73 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:910.21 GB) (Free:114.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:19.38 GB) (Free:2.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DCF32966)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

 




#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,058 posts
  • Gender:Male
  • Location:California

Posted 31 January 2015 - 03:28 PM

Greetings,

Thanks for posting the information. The first thing I would like you to do is cut/paste FRST.exe from the Downloads folder to the Desktop.

Running from C:\Users\Forrest\Downloads


Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3308819416-815019441-780761082-1001 -> {5258D3B8-142E-42F7-9364-C3FD087834AA} URL = 
SearchScopes: HKU\S-1-5-21-3308819416-815019441-780761082-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
U3 mfeavfk01; No ImagePath
C:\Users\Forrest\jagex_cl_runescape_LIVE.dat
C:\Users\Forrest\jagex_cl_runescape_LIVE1.dat
C:\Users\Forrest\random.dat
C:\Users\Forrest\AppData\Local\Temp\Quarantine.exe
C:\Users\Forrest\AppData\Local\Temp\sqlite3.dll
Task: {3F779AFA-0429-46F3-917E-053C854CAA03} - System32\Tasks\IE10 => reg
Task: {F3A613A9-CDB6-4107-BA3D-AFD566763C17} - System32\Tasks\IE11 => reg
C:\WINDOWS\System32\Tasks\IE11
C:\WINDOWS\System32\Tasks\IE10
AlternateDataStreams: C:\ProgramData\Temp:FB1B13D8
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Kryptotrigger

Kryptotrigger
  • Topic Starter

  • Members
  • 17 posts

Posted 31 January 2015 - 09:42 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Forrest at 2015-01-31 21:40:23 Run:1
Running from C:\Users\Forrest\Desktop
Loaded Profiles: Forrest (Available profiles: Forrest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3308819416-815019441-780761082-1001 -> {5258D3B8-142E-42F7-9364-C3FD087834AA} URL = 
SearchScopes: HKU\S-1-5-21-3308819416-815019441-780761082-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
U3 mfeavfk01; No ImagePath
C:\Users\Forrest\jagex_cl_runescape_LIVE.dat
C:\Users\Forrest\jagex_cl_runescape_LIVE1.dat
C:\Users\Forrest\random.dat
C:\Users\Forrest\AppData\Local\Temp\Quarantine.exe
C:\Users\Forrest\AppData\Local\Temp\sqlite3.dll
Task: {3F779AFA-0429-46F3-917E-053C854CAA03} - System32\Tasks\IE10 => reg
Task: {F3A613A9-CDB6-4107-BA3D-AFD566763C17} - System32\Tasks\IE11 => reg
C:\WINDOWS\System32\Tasks\IE11
C:\WINDOWS\System32\Tasks\IE10
AlternateDataStreams: C:\ProgramData\Temp:FB1B13D8
*****************
 
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3308819416-815019441-780761082-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5258D3B8-142E-42F7-9364-C3FD087834AA}" => Key deleted successfully.
HKCR\CLSID\{5258D3B8-142E-42F7-9364-C3FD087834AA} => Key not found. 
"HKU\S-1-5-21-3308819416-815019441-780761082-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found. 
mfeavfk01 => Service deleted successfully.
C:\Users\Forrest\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Forrest\jagex_cl_runescape_LIVE1.dat => Moved successfully.
C:\Users\Forrest\random.dat => Moved successfully.
"C:\Users\Forrest\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Forrest\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F779AFA-0429-46F3-917E-053C854CAA03}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F779AFA-0429-46F3-917E-053C854CAA03}" => Key deleted successfully.
C:\Windows\System32\Tasks\IE10 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IE10" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3A613A9-CDB6-4107-BA3D-AFD566763C17}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3A613A9-CDB6-4107-BA3D-AFD566763C17}" => Key deleted successfully.
C:\Windows\System32\Tasks\IE11 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IE11" => Key deleted successfully.
"C:\WINDOWS\System32\Tasks\IE11" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\IE10" => File/Directory not found.
C:\ProgramData\Temp => ":FB1B13D8" ADS removed successfully.
 
==== End of Fixlog 21:40:24 ====
 
No update on performance yet. It happens randomly, I will let you know. 
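A Fixlog like the one above is easier to triage when each `=>` result line is bucketed by outcome and "not found" entries are reconciled against earlier actions. The following Python is an added example, not part of the original post or of FRST itself; the status names (`changed`, `absent`, `review`) and function names are assumptions, the outcome wording is taken only from this log, and the sample lines are a subset copied from it.

```python
import re

# Lines copied from the Fixlog posted above (a subset, so the example runs offline).
SAMPLE_FIXLOG = r'''
Content of fixlist:
*****************
Task: {3F779AFA-0429-46F3-917E-053C854CAA03} - System32\Tasks\IE10 => reg
C:\WINDOWS\System32\Tasks\IE10
*****************
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKCR\CLSID\{5258D3B8-142E-42F7-9364-C3FD087834AA} => Key not found.
mfeavfk01 => Service deleted successfully.
"C:\Users\Forrest\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
C:\Windows\System32\Tasks\IE10 => Moved successfully.
"C:\WINDOWS\System32\Tasks\IE10" => File/Directory not found.
C:\ProgramData\Temp => ":FB1B13D8" ADS removed successfully.
'''

# Target may or may not be wrapped in double quotes; the outcome follows "=>".
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+)$')

def classify(outcome):
    """Bucket an outcome by the wording seen in this log (assumed, not FRST's spec)."""
    text = outcome.lower()
    if "not found" in text:
        return "absent"
    return "changed" if "successfully" in text else "review"

def parse_fixlog(text):
    """Return (target, outcome, status) per result line, skipping the echoed fixlist."""
    results, in_echo = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {"*"}:  # asterisk rows fence the echoed fixlist
            in_echo = not in_echo
            continue
        match = None if in_echo else RESULT_RE.match(line)
        if match:
            outcome = match["outcome"]
            results.append((match["target"], outcome, classify(outcome)))
    return results

def explained_absences(results):
    """Absent targets that an earlier line already moved or deleted (case-insensitive)."""
    handled, explained = set(), []
    for target, _outcome, status in results:
        if status == "changed":
            handled.add(target.lower())
        elif status == "absent" and target.lower() in handled:
            explained.append(target)
    return explained
```

On this log, the "not found" result for `C:\WINDOWS\System32\Tasks\IE10` is explained by the earlier `Task:` fix having already moved the same file, while `Quarantine.exe` has no earlier action, so it was simply absent when the fix ran.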


#10 Oh My!


Posted 01 February 2015 - 03:21 PM

Thanks, after we see how your computer is behaving we will determine our next steps.


Gary
 

#11 Kryptotrigger


Posted 01 February 2015 - 03:32 PM

Well, so far so good. It's been about a day and no slowdown as of yet. If you'd like, I could give it another day to be sure and we could go from there.



#12 Oh My!


Posted 01 February 2015 - 03:39 PM

Very nice! :thumbsup2:

We will monitor it but also do some work in the meantime. Please do these things.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED!, reboot your computer and attempt to run it again.
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#13 Kryptotrigger


Posted 03 February 2015 - 10:46 PM

C:\Users\Forrest\Downloads\drivermax_7_49_cnet.exe a variant of Win32/OpenCandy.C potentially unsafe application deleted - quarantined
 
 
 Results of screen317's Security Check version 0.99.96  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
McAfee VirusScan Enterprise   
Windows Defender              
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Secunia PSI (3.0.0.10004)   
 Java 7 Update 75  
 Java 8 Update 25  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Reader XI  
 Google Chrome (40.0.2214.93) 
 Google Chrome (40.0.2214.94) 
 Google Chrome (Plugins...) 
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 McAfee VirusScan Enterprise VsTskMgr.exe  
 McAfee VirusScan Enterprise mfeann.exe  
 McAfee VirusScan Enterprise x64 SCAN64.EXE 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 

computer is still very slow



#14 Oh My!


Posted 03 February 2015 - 11:30 PM

Greetings,
 

> computer is still very slow

Is it slow to boot, run programs, load web pages, etc.?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Description of slowdown
  • Fixlog

Gary
 

#15 Oh My!


Posted 07 February 2015 - 08:47 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 



