Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable to run Rkill, malware bytes, also get blue screen


  • This topic is locked This topic is locked
76 replies to this topic

#1 chompa83

chompa83

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 28 January 2015 - 04:32 AM

Sorry accidentally ended up with 2 identical threads had a error first time posting must of still ended up processing.
Hi I started a thread here http://www.bleepingcomputer.com/forums/t/564818/cant-run-rkill-or-anti-virus-software/page-2, im not sure exactly what im infected with but what ever it is, i cant run anti virus software, could not run rkill, couldnt run JRT, malwarebytes anti root, or eset scan, as advised previously. Also was advised to remove ad aware and avg, they show up in the windows uninstall tool but nothing happens, and they dont show in revo!
 
I did a 9 lab scan and this file didnt get cleaned Rootkit.RPL.Gen.vb [\secfile]
 
Also i get blue screen, i got it when trying to load a character in World of Warcraft, and the other was when i tried to update Java. I was able to take a picture of one of the blue screens which i attached along with the "Addition.txt" from the FRST scan!
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Adrian (administrator) on ADRIAN-PC on 28-01-2015 19:06:09
Running from C:\Users\Adrian\Desktop
Loaded Profiles: Adrian (Available profiles: Adrian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
() C:\Program Files (x86)\Ttesports\MEKA G UNIT\MEKA G Unit HID.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3D\Sound Blaster Recon3D Control Panel\SBRecon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(OSD) C:\Program Files (x86)\Ttesports\MEKA G UNIT\OSD.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2345848 2009-11-11] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2320752 2009-11-11] (Microsoft Corporation)
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-26] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => CTHELPER.EXE
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-02-18] (Nero AG)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Bing Bar] => C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe [243544 2010-04-27] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-03-23] (Nullsoft, Inc.)
HKLM-x32\...\Run: [B2C_AGENT] => C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2012-03-28] (LG Electronics)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [Razer Mamba Elite Driver] => C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe [973720 2011-11-25] (Razer USA Ltd)
HKLM-x32\...\Run: [Ttesports] => C:\Program Files (x86)\Ttesports\MEKA G UNIT\MEKA G Unit HID.exe [1673216 2011-07-07] ()
HKLM-x32\...\Run: [Sound Blaster Recon3D Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3D\Sound Blaster Recon3D Control Panel\SBRecon.exe [3526144 2011-08-25] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-4166316762-607454834-2387640162-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
HKU\S-1-5-21-4166316762-607454834-2387640162-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-19] (Valve Corporation)
HKU\S-1-5-21-4166316762-607454834-2387640162-1000\...\Run: [BitTorrent] => C:\Users\Adrian\AppData\Roaming\BitTorrent\BitTorrent.exe [1381208 2014-12-15] (BitTorrent Inc.)
HKU\S-1-5-21-4166316762-607454834-2387640162-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [40688 2015-01-15] (Overwolf LTD)
HKU\S-1-5-21-4166316762-607454834-2387640162-1000\...\Run: [uTorrent] => C:\Users\Adrian\AppData\Roaming\uTorrent\updates\3.4.2_32239.exe [1329744 2014-09-05] (BitTorrent Inc.)
HKU\S-1-5-21-4166316762-607454834-2387640162-1000\...\MountPoints2: D - D:\Autorun.exe
HKU\S-1-5-21-4166316762-607454834-2387640162-1000\...\MountPoints2: {37ae97dd-9c25-11df-9532-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-4166316762-607454834-2387640162-1000\...\MountPoints2: {9c23645a-b48f-11df-99c9-00a0c6000000} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4166316762-607454834-2387640162-1000\...\MountPoints2: {9c236463-b48f-11df-99c9-00a0c6000000} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4166316762-607454834-2387640162-1000\...\MountPoints2: {9c2364bd-b48f-11df-99c9-00a0c6000000} - E:\setup_vmc_lite.exe /checkApplicationPresence
Startup: C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
URLSearchHook: HKU\S-1-5-21-4166316762-607454834-2387640162-1000 - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4166316762-607454834-2387640162-1000 -> No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{E99B2559-49C7-4B82-AFFB-312EB6C11B20}: [NameServer] 208.67.222.220,208.67.220.222

FireFox:
========
FF ProfilePath: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\wetylpqn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Adrian\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4166316762-607454834-2387640162-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Adrian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Lavasoft Search Plugin - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\wetylpqn.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-04-04]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011-03-22]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2012-06-09]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-11-16]
FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack [2012-06-09]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fooihgffjknjfdidhkpgeibbipkjlhpn] - C:\Users\Adrian\AppData\Local\Temp\ccex.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files (x86)\AVG\AVG2012\Chrome\donottrack.crx [2012-04-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-12-11] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-08-01] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2012-12-11] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-07] (McAfee, Inc.)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-26] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-26] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-01-15] (Overwolf LTD)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2014-11-04] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-22] (AVG Technologies)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-07-23] (Huawei Technologies Co., Ltd.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-04] (GFI Software)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1758208 2011-08-28] (Creative Technology Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-27] (Malwarebytes Corporation)
R3 MK1FLTR; C:\Windows\System32\Drivers\MK1FLTR.sys [31104 2011-04-24] ()
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-04-01] (NVIDIA Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
S0 Lbd; system32\DRIVERS\Lbd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 19:06 - 2015-01-28 19:06 - 00024731 _____ () C:\Users\Adrian\Desktop\FRST.txt
2015-01-28 19:05 - 2015-01-28 19:06 - 00000000 ____D () C:\FRST
2015-01-28 18:53 - 2015-01-28 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-01-28 18:46 - 2015-01-28 18:53 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2015-01-28 18:40 - 2015-01-28 18:43 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Adrian\Downloads\cbSetup.exe
2015-01-28 18:38 - 2015-01-28 18:37 - 02129920 _____ (Farbar) C:\Users\Adrian\Desktop\FRST64.exe
2015-01-28 18:37 - 2015-01-28 18:37 - 02129920 _____ (Farbar) C:\Users\Adrian\Downloads\FRST64.exe
2015-01-28 18:24 - 2015-01-28 18:24 - 02347384 _____ (ESET) C:\Users\Adrian\Downloads\esetsmartinstaller_enu(1).exe
2015-01-28 18:24 - 2015-01-28 18:24 - 02347384 _____ (ESET) C:\Users\Adrian\Desktop\esetsmartinstaller_enu.exe
2015-01-28 18:23 - 2015-01-28 18:24 - 02347384 _____ (ESET) C:\Users\Adrian\Downloads\esetsmartinstaller_enu.exe
2015-01-28 18:17 - 2015-01-28 18:17 - 03565232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-28 17:39 - 2015-01-28 17:39 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\9-lab
2015-01-28 17:37 - 2015-01-28 17:37 - 00000934 _____ () C:\Users\Public\Desktop\Removal Tool.lnk
2015-01-28 17:37 - 2015-01-28 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2015-01-28 17:37 - 2015-01-28 17:37 - 00000000 ____D () C:\ProgramData\9-lab
2015-01-28 17:37 - 2015-01-28 17:37 - 00000000 ____D () C:\Program Files\9-lab
2015-01-28 17:34 - 2015-01-28 17:26 - 06003400 _____ () C:\Users\Adrian\Desktop\rmtool-setup-x64.exe
2015-01-28 17:32 - 2015-01-28 17:32 - 00001264 _____ () C:\Users\Adrian\Desktop\Revo Uninstaller.lnk
2015-01-28 17:32 - 2015-01-28 17:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-28 17:26 - 2015-01-28 17:26 - 06003400 _____ () C:\Users\Adrian\Downloads\rmtool-setup-x64.exe
2015-01-28 17:24 - 2015-01-28 17:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Adrian\Downloads\revosetup.exe
2015-01-28 17:21 - 2015-01-28 17:21 - 00852573 _____ () C:\Users\Adrian\Downloads\SecurityCheck.exe
2015-01-28 17:20 - 2015-01-28 17:18 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Adrian\Desktop\mbar-1.08.3.1004.exe
2015-01-28 17:18 - 2015-01-28 17:18 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Adrian\Downloads\mbar-1.08.3.1004.exe
2015-01-28 17:11 - 2015-01-28 17:11 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-01-28 17:11 - 2015-01-28 17:11 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-01-28 17:11 - 2015-01-28 17:09 - 00753184 _____ () C:\Users\Adrian\Desktop\Adware-Removal-Tool-v3.9.1.exe
2015-01-28 17:09 - 2015-01-28 17:09 - 00753184 _____ () C:\Users\Adrian\Downloads\Adware-Removal-Tool-v3.9.1.exe
2015-01-28 16:58 - 2015-01-28 17:00 - 00000000 ____D () C:\AdwCleaner
2015-01-28 16:58 - 2015-01-28 16:58 - 02194432 _____ () C:\Users\Adrian\Downloads\AdwCleaner.exe
2015-01-28 16:58 - 2015-01-28 16:58 - 02194432 _____ () C:\Users\Adrian\Desktop\AdwCleaner.exe
2015-01-28 16:53 - 2015-01-28 16:50 - 01707939 _____ (Thisisu) C:\Users\Adrian\Desktop\JRT.exe
2015-01-28 16:51 - 2015-01-28 16:51 - 00000000 ____D () C:\Windows\ERUNT
2015-01-28 16:50 - 2015-01-28 16:50 - 01707939 _____ (Thisisu) C:\Users\Adrian\Downloads\JRT.exe
2015-01-28 16:49 - 2015-01-28 16:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 16:48 - 2015-01-28 16:48 - 00044587 _____ () C:\Users\Adrian\Downloads\Result.txt
2015-01-28 16:38 - 2015-01-28 16:38 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Adrian\Downloads\rkill.scr
2015-01-28 16:38 - 2015-01-28 16:38 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Adrian\Downloads\rkill.exe
2015-01-28 16:37 - 2015-01-28 16:37 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Adrian\Downloads\rkill.com
2015-01-28 16:25 - 2015-01-28 16:25 - 01233116 _____ () C:\Windows\system32\CFG1555059420
2015-01-28 16:24 - 2015-01-28 16:24 - 00002267 _____ () C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
2015-01-28 16:24 - 2015-01-28 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2015-01-28 16:24 - 2015-01-28 16:24 - 00000000 ____D () C:\Program Files (x86)\TP-LINK
2015-01-28 16:19 - 2015-01-28 16:19 - 00271792 _____ () C:\Windows\Minidump\012815-23041-01.dmp
2015-01-28 16:18 - 2015-01-28 16:18 - 376755629 _____ () C:\Windows\MEMORY.DMP
2015-01-27 20:21 - 2015-01-27 20:21 - 00000000 ____D () C:\Users\Adrian\Downloads\The Originals S02E05 HDTV x264-LOL[ettv]
2015-01-20 17:13 - 2015-01-20 17:15 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\TP-LINK
2015-01-14 08:06 - 2015-01-28 18:49 - 00000896 _____ () C:\Windows\setupact.log
2015-01-14 08:06 - 2015-01-14 08:06 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 10:17 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\registration
2015-01-28 19:01 - 2009-07-14 15:13 - 00006214 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 19:01 - 2009-07-14 14:45 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 19:01 - 2009-07-14 14:45 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 18:58 - 2010-07-30 17:01 - 01657450 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 18:56 - 2014-03-05 12:30 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-01-28 18:56 - 2010-07-30 17:04 - 00000199 _____ () C:\service.log
2015-01-28 18:55 - 2011-02-14 19:29 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-28 18:51 - 2014-03-05 12:24 - 00000000 ____D () C:\Users\Adrian\AppData\Local\Overwolf
2015-01-28 18:51 - 2010-09-28 14:56 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\BitTorrent
2015-01-28 18:50 - 2011-11-29 08:23 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-28 18:49 - 2012-03-15 21:53 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\uTorrent
2015-01-28 18:49 - 2011-02-14 19:29 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-28 18:49 - 2010-07-30 17:08 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-01-28 18:48 - 2012-05-29 19:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 18:48 - 2010-07-31 21:31 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-28 18:48 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 18:17 - 2012-05-29 19:52 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-28 18:17 - 2012-05-29 19:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-28 18:17 - 2012-05-29 19:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-28 17:27 - 2012-05-10 09:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 17:02 - 2010-07-31 21:39 - 00275268 _____ () C:\Windows\PFRO.log
2015-01-28 16:24 - 2012-03-26 14:18 - 00000000 ____D () C:\ProgramData\TP-LINK
2015-01-28 16:21 - 2010-07-30 17:01 - 00000000 ____D () C:\Users\Adrian
2015-01-28 16:19 - 2011-03-14 09:52 - 00000000 ____D () C:\Windows\Minidump
2015-01-28 14:48 - 2014-03-13 08:53 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\Battle.net
2015-01-28 14:48 - 2014-01-10 08:07 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\Skype
2015-01-28 14:48 - 2014-01-01 10:22 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-01-28 14:48 - 2014-01-01 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-28 14:48 - 2012-05-29 19:52 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-28 14:48 - 2012-05-16 09:27 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-01-28 14:48 - 2011-02-01 20:33 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\vlc
2015-01-28 14:48 - 2010-12-09 20:32 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2015-01-28 14:48 - 2010-08-12 16:36 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-28 14:48 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-28 14:48 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-28 14:47 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-01-28 14:44 - 2012-06-09 09:23 - 00000000 ____D () C:\ProgramData\AVG2012
2015-01-28 14:43 - 2013-06-12 19:46 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-28 14:43 - 2013-03-01 09:55 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-28 14:43 - 2010-07-31 13:40 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-01-28 14:25 - 2014-03-13 08:53 - 00000000 ____D () C:\Users\Adrian\AppData\Local\Battle.net
2015-01-28 08:14 - 2014-01-01 10:22 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-22 23:06 - 2014-03-05 12:24 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\TS3Client
2015-01-15 00:20 - 2013-07-29 23:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 23:12 - 2010-09-28 14:58 - 00000000 ____D () C:\Users\Adrian\Downloads\Bittorent
2015-01-14 08:07 - 2013-04-04 10:00 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-01-13 08:33 - 2013-09-26 20:37 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\Ventrilo
2015-01-05 11:05 - 2013-12-26 18:57 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\Mumble

==================== Files in the root of some directories =======

2014-03-25 09:03 - 2014-06-24 09:05 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-10-28 21:51 - 2013-10-28 21:51 - 0000047 _____ () C:\Users\Adrian\AppData\Roaming\mbam.context.scan
2014-09-24 15:44 - 2014-09-24 15:48 - 0016896 ___SH () C:\Users\Adrian\AppData\Roaming\Thumbs.db
2010-09-16 23:30 - 2010-11-03 20:56 - 0211323 _____ () C:\Users\Adrian\AppData\Roaming\UserTile.png
2010-07-31 14:04 - 2012-03-26 10:04 - 0000840 _____ () C:\Users\Adrian\AppData\Local\RT2860_{1E578097-C1FF-4C2E-9CBE-F38E8774173E}_prof
2010-07-31 14:04 - 2012-03-26 10:04 - 0000866 _____ () C:\Users\Adrian\AppData\Local\RT2860_{1E578097-C1FF-4C2E-9CBE-F38E8774173E}_sta
2010-07-31 13:56 - 2011-08-06 09:14 - 0001000 _____ () C:\Users\Adrian\AppData\Local\RT2860_{1E578097-C1FF-4C2E-9CBE-F38E8774173E}_wsc
2011-06-18 22:25 - 2011-06-18 22:25 - 0000000 _____ () C:\Users\Adrian\AppData\Local\{ACA5956B-40C4-4255-827B-3391E2B707C4}
2011-06-19 21:00 - 2011-06-19 21:00 - 0000000 _____ () C:\Users\Adrian\AppData\Local\{BEB5AD6E-59DD-476D-B11B-A5494EDD25A2}
2011-09-13 19:29 - 2011-09-13 19:29 - 0000000 _____ () C:\Users\Adrian\AppData\Local\{C8BB98BE-E9E2-468D-80DA-6ACCF357A1D6}
2012-12-11 14:11 - 2010-11-26 13:07 - 0000806 _____ () C:\ProgramData\CfSB1300.ini

Some content of TEMP:
====================
C:\Users\Adrian\AppData\Local\Temp\ose00000.exe
C:\Users\Adrian\AppData\Local\Temp\Tsu-1A0C.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 23:41

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Adrian at 2015-01-28 19:06:45
Running from C:\Users\Adrian\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4166316762-607454834-2387640162-1000\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version: - )
Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft)
AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{4FBB2E98-1A3B-396A-A662-73E17009C076}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2249 - AVG Technologies)
AVG 2012 (Version: 12.0.4257 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2249 - AVG Technologies) Hidden
AVS Screen Capture version 1.1.2 (HKLM-x32\...\AVS Screen Capture_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Editor 5 (HKLM-x32\...\AVS Video Editor_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Recorder 2.4 (HKLM-x32\...\AVS Video Recorder_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 5.0.1449.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 5.0.1449.0 - Microsoft Corporation) Hidden
BitTorrent (HKU\S-1-5-21-4166316762-607454834-2387640162-1000\...\BitTorrent) (Version: 7.9.2.36804 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty® - World at War™ (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision)
Call of Duty® - World at War™ (x32 Version: 1.0 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision)
Call of Duty® 4 - Modern Warfare™ (x32 Version: 1.00.0000 - Activision) Hidden
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.4.0.1 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon PowerShot ELPH 300 HS_IXUS 220 HS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSELPH300HS_IXUS220HS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.4.0.3 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.5.0.2 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.4.0.2 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - )
Counter-Strike: Global Offensive Beta (HKLM-x32\...\Steam App 730) (Version: - )
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio Console (HKLM-x32\...\AudioCS) (Version: 1.33 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version: - Valve)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - )
EasySaver B9.0904.1 (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
e-tax 2013 (HKLM-x32\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.8.509 - Australian Taxation Office)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.47.5133 - Gretech Corporation)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{474A8F3F-863A-4FCC-91F0-47A61E06FEC9}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{855D3D91-0743-4B75-B469-D45FF68D42BB}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Media Player Codec Pack 3.9.6 (HKLM-x32\...\Media Player - Codec Pack) (Version: - Media Player Codec Pack)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft IntelliPoint 7.1 (HKLM\...\{5EBE0F1F-45DF-4298-AC6B-E8E54EAEC834}) (Version: 7.10.344.0 - Microsoft)
Microsoft IntelliType Pro 7.1 (HKLM\...\{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}) (Version: 7.10.344.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version: - Unknown Worlds Entertainment)
Nero 8 Essentials (HKLM-x32\...\{B661D1BD-5C0C-4EF1-A801-B5699AD41033}) (Version: 8.3.200 - Nero AG)
NVIDIA 3D Vision Controller Driver 344.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.46 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.48 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.48 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.82.106.0 - Overwolf Ltd.)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12952.91 - raidcall.com)
Razer Mamba (2012) Firmware Updater (HKLM-x32\...\{FBE577F7-8181-48EC-9676-6257228C18FF}) (Version: 1.07.00 - Razer USA Ltd.)
Razer Mamba (HKLM-x32\...\{BF60B320-3AA3-4DFB-B542-BDA6D4F1A60E}) (Version: 2.01.05 - Razer USA Ltd.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Sound Blaster Recon3D (HKLM-x32\...\{CEB6BB02-E2CD-4B8A-B662-986636D43EC1}) (Version: 1.00.07 - Creative Technology Ltd)
Sound Blaster Recon3D Extras (HKLM-x32\...\{BB924174-FB22-41AD-B627-D609F86C18E0}) (Version: 1.0 - Creative Technology Limited)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Lord of the Rings FREE Trial (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{FDA7E907-6539-42C1-9721-0239C281B336}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Client Utility (HKLM-x32\...\{1E58B969-9BB4-4012-8D8B-D06005D1CD24}) (Version: 7.0 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Tt eSPORTS MEKA G Unit gaming keyboard Driver V1.0 (HKLM-x32\...\{B309FBB9-A400-4865-BD46-29276E27B94A}_is1) (Version: - Ttesports Inc.)
Unity Web Player (HKU\S-1-5-21-4166316762-607454834-2387640162-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-4166316762-607454834-2387640162-1000\...\Warcraft III) (Version: - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.61 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-4166316762-607454834-2387640162-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows 7 Codec Pack 2.7.0 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: - Windows 7 Codec Pack)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WMPKeys (HKLM-x32\...\{5D4B3647-9842-4875-B081-EF8D98C02865}) (Version: 1.2.0.0 - lazymf and kbept)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4166316762-607454834-2387640162-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points =========================

20-01-2015 16:50:07 Windows Update
20-01-2015 17:10:47 Installed TP-LINK Wireless Configuration Utility and Driver
20-01-2015 17:12:52 Installed TP-LINK Wireless Configuration Utility
28-01-2015 15:03:00 Installed TP-LINK Wireless Configuration Utility and Driver
28-01-2015 15:04:48 Installed TP-LINK Wireless Configuration Utility
28-01-2015 17:43:31 Windows Update

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {23538779-8E04-4D30-A5DB-383D0A52149F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {38F19DFE-3472-4D34-AB24-38310410D1FC} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-01-15] (Overwolf LTD)
Task: {48029387-1FC5-41E8-93DF-24B80D1770E6} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2009-11-11] (Microsoft Corporation)
Task: {507DEB78-3A8D-4488-A1F8-12B802903DB0} - System32\Tasks\{329C8F65-2B7A-43D2-AAFC-4ED2498ED77D} => pcalua.exe -a "C:\Games\Warcraft III\vcredist_x86.exe" -d "C:\Games\Warcraft III"
Task: {5A2A8329-AD0D-4162-84D1-248D648D93D8} - System32\Tasks\{012E824C-F3CA-4064-9AF3-5EB6B7A3C3E6} => C:\Games\Warcraft III\Frozen Throne.exe [2011-05-12] (Blizzard Entertainment)
Task: {5BCCC097-43F9-4390-B127-3A2E3C5B3747} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6234A5EB-070A-4FA0-A1D0-1A80AF23C14E} - System32\Tasks\{3A2BCECB-46D5-43D6-A753-95E529334648} => pcalua.exe -a C:\Users\Adrian\Downloads\coreaacSetup.exe -d C:\Users\Adrian\Downloads
Task: {6C2F4018-6A5A-45B2-AF13-1E4E8D7EAB39} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {711E22EF-07F2-4F1F-98DC-3050568811B9} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2009-11-11] (Microsoft Corporation)
Task: {80020320-786A-4F13-B7CE-224F08B83028} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-18] ()
Task: {8BD865E6-C39F-4BE1-AD1A-E9869F2281CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {90E76B1F-9987-4E10-B3C0-B08A8801C908} - System32\Tasks\{C4EDCF41-2124-43A9-9D44-2D877FE591A1} => pcalua.exe -a C:\Users\Adrian\Downloads\MPSetupXP.exe -d "C:\Program Files (x86)\Windows Media Player"
Task: {91339EDC-6317-43E9-8BC1-FDCF4CA0AD78} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {9CF0686D-3B0E-424B-8BC0-7CF1B6789951} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {BB034F7F-D7D6-445C-89AD-AF479C5816A8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-28] (Adobe Systems Incorporated)
Task: {CD628846-9773-4131-9556-BF0181DF79CD} - System32\Tasks\{6F2E902B-BFD2-4A6A-B41B-F0A90F83154C} => C:\Games\Warcraft III\Frozen Throne.exe [2011-05-12] (Blizzard Entertainment)
Task: {D83B907F-20A8-4570-A88C-852ED4551215} - System32\Tasks\{DD190314-ABF6-485C-B6AA-D498B1ECE2F2} => pcalua.exe -a C:\Users\Adrian\Downloads\Bittorent\microsoft\setup.exe -d C:\Users\Adrian\Downloads\Bittorent\microsoft
Task: {E1794C1D-D9B6-41EA-9952-CFBAC21EE3DD} - System32\Tasks\{54DCB226-82EB-4306-B99B-C06005EB483A} => C:\Games\Warcraft III\Frozen Throne.exe [2011-05-12] (Blizzard Entertainment)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2012-11-19 16:34 - 2014-10-17 00:11 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-07-30 17:04 - 2009-08-24 14:38 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
2010-08-01 17:26 - 2011-08-17 15:46 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2010-08-01 17:26 - 2011-08-17 16:23 - 00321024 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2010-08-10 20:15 - 2010-08-10 20:15 - 00006144 _____ () C:\Users\Adrian\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.1.gadget\CoreTempReader.dll
2010-08-10 20:15 - 2010-08-10 20:15 - 00008704 _____ () C:\Users\Adrian\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.1.gadget\GetCoreTempInfoNET.dll
2010-08-10 20:15 - 2010-08-10 20:15 - 00007680 _____ () C:\Users\Adrian\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.1.gadget\SystemInfo.dll
2015-01-28 16:24 - 2013-04-09 11:05 - 00846848 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2012-04-03 15:36 - 2011-07-07 16:17 - 01673216 _____ () C:\Program Files (x86)\Ttesports\MEKA G UNIT\MEKA G Unit HID.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-07-30 17:04 - 2009-03-13 11:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
2015-01-15 19:04 - 2015-01-15 19:04 - 00025600 _____ () C:\Program Files (x86)\Overwolf\0.82.106.0\CoreAudioApi.dll
2015-01-15 19:04 - 2015-01-15 19:04 - 38713856 _____ () C:\Program Files (x86)\Overwolf\0.82.106.0\libcef.DLL
2015-01-28 16:24 - 2013-01-22 14:40 - 01411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2015-01-28 16:24 - 2013-04-02 13:41 - 00193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2015-01-28 16:24 - 2013-04-02 13:41 - 00138752 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF.dll
2015-01-28 16:24 - 2013-02-28 11:42 - 00115712 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF_WPS_WIN7.DLL
2015-01-28 16:49 - 2015-01-28 16:50 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-15 19:04 - 2015-01-15 19:04 - 00514528 _____ () C:\Program Files (x86)\Overwolf\0.82.106.0\libglesv2.dll
2015-01-15 19:04 - 2015-01-15 19:04 - 00105952 _____ () C:\Program Files (x86)\Overwolf\0.82.106.0\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4166316762-607454834-2387640162-500 - Administrator - Disabled)
Adrian (S-1-5-21-4166316762-607454834-2387640162-1000 - Administrator - Enabled) => C:\Users\Adrian
Guest (S-1-5-21-4166316762-607454834-2387640162-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4166316762-607454834-2387640162-1005 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Creative Game Port
Description: Creative Game Port
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Creative
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2015 07:01:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/28/2015 07:01:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/28/2015 07:00:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {63bd5fcd-c2d1-4334-a217-4506c679b3f9}

Error: (01/28/2015 06:55:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/28/2015 06:55:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/28/2015 06:49:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/28/2015 06:38:01 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/28/2015 06:38:01 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/28/2015 06:32:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/28/2015 06:31:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (01/28/2015 06:58:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/28/2015 06:58:19 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/28/2015 06:58:19 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/28/2015 06:58:18 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/28/2015 06:58:18 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/28/2015 06:56:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (01/28/2015 06:49:47 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/28/2015 06:49:47 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/28/2015 06:49:19 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/28/2015 06:49:10 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2012-01-12 03:20:21.095
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HdAudio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-01-12 03:20:21.048
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HdAudio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-01-12 03:20:21.001
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HdAudio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-01-12 03:20:20.954
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HdAudio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-01-12 03:20:20.908
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HdAudio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-01-12 03:20:20.861
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HdAudio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-01-12 03:20:20.830
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HdAudio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-01-12 03:20:20.783
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HdAudio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-10-26 10:08:43.502
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\amdppm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-07-04 18:01:00.505
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgtdia.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Phenom™ II X6 1055T Processor
Percentage of memory in use: 31%
Total physical RAM: 8189.55 MB
Available physical RAM: 5645.05 MB
Total Pagefile: 16379.11 MB
Available Pagefile: 13279.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:142.54 GB) NTFS
Drive d: (CD216A2) (CDROM) (Total:0.1 GB) (Free:0 GB) CDFS
Drive e: (Adrian Kels) (Fixed) (Total:931.51 GB) (Free:429.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2FA8ED9A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: B1B98F90)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Attached Files


Edited by Oh My!, 29 January 2015 - 09:51 AM.


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,181 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:50 PM

Posted 29 January 2015 - 10:03 AM

Greetings chompa83 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please consider and run the below for me.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities. .

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-4166316762-607454834-2387640162-1000 - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-4166316762-607454834-2387640162-1000 -> No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
Hosts: Hosts file not detected in the default directory
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
2011-06-18 22:25 - 2011-06-18 22:25 - 0000000 _____ () C:\Users\Adrian\AppData\Local\{ACA5956B-40C4-4255-827B-3391E2B707C4}
2011-06-19 21:00 - 2011-06-19 21:00 - 0000000 _____ () C:\Users\Adrian\AppData\Local\{BEB5AD6E-59DD-476D-B11B-A5494EDD25A2}
2011-09-13 19:29 - 2011-09-13 19:29 - 0000000 _____ () C:\Users\Adrian\AppData\Local\{C8BB98BE-E9E2-468D-80DA-6ACCF357A1D6}
C:\Users\Adrian\AppData\Local\Temp\ose00000.exe
C:\Users\Adrian\AppData\Local\Temp\Tsu-1A0C.dll
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Uploading Minidump File

--------------------
  • Using Windows Explorer please navigate to the following location(s):

C:\Windows\Minidump\012815-23041-01.dmp

  • Upload the file here
  • I will be automatically notified when the file has been successfully uploaded
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Uploaded Minidump file
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 chompa83

chompa83
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 29 January 2015 - 04:44 PM

Hi oh my thanks for your quick response, for the last 24+ hrs I have not been able to access internet, could this be from the infection?

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,181 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:50 PM

Posted 29 January 2015 - 04:51 PM

Yes, it might be.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 chompa83

chompa83
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 29 January 2015 - 04:53 PM

Well this isn't a good start I'm just about to call my ISP to see if they can help

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,181 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:50 PM

Posted 29 January 2015 - 04:57 PM

We can try to address your internet issue. Can you complete the steps? You can create the fixlist.txt document on a clean computer, save it to a USB device and transfer it to your infected computer's desktop.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 chompa83

chompa83
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 29 January 2015 - 05:26 PM

Unfortunately I only have the one PC and just have my phone... I can get all the files and logs but I don't have a clean PC with internet nearby, I'll see if I can sort something out today..

#8 chompa83

chompa83
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 29 January 2015 - 05:47 PM

Ok so ISP could not help me, but I can go down the road get a USB modem, but if I use it on my PC is it going to corrupt that to, should I look to rent a laptop..

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,181 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:50 PM

Posted 29 January 2015 - 06:13 PM

See if you can right click on the Internet icon in the lower right hand corner of your screen. Click Troubleshoot Problems, or anything similar, and see if Windows can repair it.

Don't go out an buy anything just yet. We have some other options to try.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 chompa83

chompa83
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 29 January 2015 - 06:16 PM

im using my phone as a hotspot... i am trying to run the fix on frst and it says warning looks you dont know what to do. to prevent damage to the system the tool will reset



#11 chompa83

chompa83
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 29 January 2015 - 06:18 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by Adrian at 2015-01-30 12:56:18 Run:2
Running from C:\Users\Adrian\Desktop
Loaded Profiles: Adrian (Available profiles: Adrian)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-4166316762-607454834-2387640162-1000 - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-4166316762-607454834-2387640162-1000 -> No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
Hosts: Hosts file not detected in the default directory
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
2011-06-18 22:25 - 2011-06-18 22:25 - 0000000 _____ () C:\Users\Adrian\AppData\Local\{ACA5956B-40C4-4255-827B-3391E2B707C4}
2011-06-19 21:00 - 2011-06-19 21:00 - 0000000 _____ () C:\Users\Adrian\AppData\Local\{BEB5AD6E-59DD-476D-B11B-A5494EDD25A2}
2011-09-13 19:29 - 2011-09-13 19:29 - 0000000 _____ () C:\Users\Adrian\AppData\Local\{C8BB98BE-E9E2-468D-80DA-6ACCF357A1D6}
C:\Users\Adrian\AppData\Local\Temp\ose00000.exe
C:\Users\Adrian\AppData\Local\Temp\Tsu-1A0C.dll
*****************

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-21-4166316762-607454834-2387640162-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-4166316762-607454834-2387640162-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => Value not found.
HKCR\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
Lbd => Service not found.
"C:\Users\Adrian\AppData\Local\{ACA5956B-40C4-4255-827B-3391E2B707C4}" => File/Directory not found.
"C:\Users\Adrian\AppData\Local\{BEB5AD6E-59DD-476D-B11B-A5494EDD25A2}" => File/Directory not found.
"C:\Users\Adrian\AppData\Local\{C8BB98BE-E9E2-468D-80DA-6ACCF357A1D6}" => File/Directory not found.
"C:\Users\Adrian\AppData\Local\Temp\ose00000.exe" => File/Directory not found.
"C:\Users\Adrian\AppData\Local\Temp\Tsu-1A0C.dll" => File/Directory not found.

==== End of Fixlog 12:56:18 ====



#12 chompa83

chompa83
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 29 January 2015 - 06:24 PM

Summary zip!

Attached Files



#13 chompa83

chompa83
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 29 January 2015 - 06:29 PM

i get an error when trying to attach the mini dump file

nevermind im a bit slow this morning...!

still get the error at the link page


Edited by chompa83, 29 January 2015 - 06:32 PM.


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,181 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:50 PM

Posted 29 January 2015 - 06:33 PM

Did you try to attach it or upload it? It needs to be uploaded per the instructions in Post #2.

Shall I assume the troubleshoot steps resolved the internet issue?

Edited by Oh My!, 29 January 2015 - 06:33 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 chompa83

chompa83
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 29 January 2015 - 06:35 PM

i tried both? the 1st to attach by mistake, but I got the same error message on both attempts.

Nah the troubleshooter didnt resolve it, i didnt realise i can use my smart phone as a hotspot so im currently feeding off that!


Edited by chompa83, 29 January 2015 - 06:43 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users