Svchost 100% cpu


  • This topic is locked
8 replies to this topic

#1 jetracer

Posted 02 February 2015 - 06:44 PM

Hello all, I've recently noticed a problem that seems to be common around here. A rogue copy of svchost is utilizing as much CPU as it can by itself. It starts itself when I start the computer.

Running Windows 7 64-bit. The only real details I have are procexp details. It states "tcp hosted-by.leaseweb.com:1001"

Under command line it shows "C:\Windows\temp\svchost.exe" -o stratum+tcp://pool.cryptmonero.com:1001 -u 43s6t7KoCXtaBZ48bL5sPDhTEs6FG9FA8RCGkqC5xzkCATVAYzSmykD67mSXkejwnSQ552bjF5DsCCunopJPwAUZEkphFBZ -p x

Any help with this at all is much appreciated.

I may have posted this in the wrong forum first; I apologize.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by chris (administrator) on CHRIS-PC on 02-02-2015 18:41:39
Running from C:\Users\chris\Desktop\New folder (9)
Loaded Profiles: chris (Available profiles: chris)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.crush prodructions\bin\ScpService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) C:\Program Files (x86)\iRacing\iRacingService.exe
(Marvell) C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Mr. John aka japamd) C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(CERN, PH/SFT Group) C:\Program Files (x86)\CERN\CernVMWebAPI\cernvm-webapi.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
() C:\Program Files\Serviio\bin\ServiioConsole.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
() C:\Windows\temp\svchost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sysinternals - www.sysinternals.com) C:\Users\chris\Desktop\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\chris\AppData\Local\Temp\procexp64.exe
(Valve Corporation) C:\Steam\Steam.exe
(Valve Corporation) C:\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [735744 2013-02-27] (Creative Technology Ltd)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-06-23] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2015-01-26] (Simply Super Software)
HKU\S-1-5-21-1862438995-2236925975-1376301958-1000\...\Run: [GoogleChromeAutoLaunch_7DCB6618398493FAB54700F5A3F17DEB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)
HKU\S-1-5-21-1862438995-2236925975-1376301958-1000\...\Run: [Spotify Web Helper] => C:\Users\chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-21] (Spotify Ltd)
HKU\S-1-5-21-1862438995-2236925975-1376301958-1000\...\Run: [CernVM WebAPI] => C:\Program Files (x86)\CERN\CernVMWebAPI\cernvm-webapi.exe [2763000 2014-12-05] (CERN, PH/SFT Group)
Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1862438995-2236925975-1376301958-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1862438995-2236925975-1376301958-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: YoutubeAdblocker -> {38201E90-AC3D-1609-67D6-FB51D81CC19F} -> C:\Program Files (x86)\YoutubeAdblocker\7KQ0gCg8.x64.dll No File
BHO: savve iNeTT -> {38D33E68-6992-9D46-7B46-6AC80BDD7C73} -> C:\Program Files (x86)\savve iNeTT\a0L.x64.dll No File
BHO: save nneet -> {51C77F53-9D57-F767-1A4C-D2E07814303E} -> C:\Program Files (x86)\save nneet\5QPWRfP.x64.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> d:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\gy8oz42h.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> d:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @vizzed.com/VizzedRGR -> C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1862438995-2236925975-1376301958-1000: @hulu.com/Hulu Desktop -> C:\Users\chris\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKU\S-1-5-21-1862438995-2236925975-1376301958-1000: @tools.google.com/Google Update;version=3 -> C:\Users\chris\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1862438995-2236925975-1376301958-1000: @tools.google.com/Google Update;version=9 -> C:\Users\chris\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1862438995-2236925975-1376301958-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1862438995-2236925975-1376301958-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin HKU\S-1-5-21-1862438995-2236925975-1376301958-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2015-01-21]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-05]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF HKU\S-1-5-21-1862438995-2236925975-1376301958-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.google.com", "hxxp://start.sweetpacks.com/?barid={9D9D1250-D152-11E2-A4B8-867FA511E9C0}&src=10&crg=3.5000006.10043&st=23", "", "hxxp://websearch.amaizingsearches.info/?pid=34&r=2014/04/24&hid=11043303596252314929&lg=EN&cc=US&unqvl=51", "hxxp://groovorio.com/?f=7&a=grv_tight3_14_33&cd=2XzuyEtN2Y1L1QzuyDyEtDyE0AyC0DzyyEtCtAtB0A0EtBtDtN0D0Tzu0StCtDtAyDtN1L2XzutAtFyDtFtCtFtCtN1L1Czu2Z1L1N1M2Z1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2StAyByE0F0FtC0FtBtG0Ezy0DtCtGtAtB0F0FtGyCyEyBtBtGtBtD0AyEyE0EzytDyEzyzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0CtBtAtByD0AtCtGtByDyC0DtGyEtDtAzztGzy0B0F0CtGtBtAyEyDyD0FyCzzyEzyzztD2Q&cr=1748699203&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-08-20]
CHR Extension: (Angry Birds) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-08-20]
CHR Extension: (Google Docs) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]
CHR Extension: (Google Drive) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-19]
CHR Extension: (Turn Off the Lights) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-08-20]
CHR Extension: (YouTube) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]
CHR Extension: (Honey) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2015-01-29]
CHR Extension: (Adblock Plus) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-20]
CHR Extension: (Google Search) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]
CHR Extension: (Castle Age) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbjgjgmolalkjmififnbhebieijgkiic [2014-08-20]
CHR Extension: (Center Image) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkiklnjkgjkmamgoaggongdmekajdlki [2014-08-20]
CHR Extension: (AdBlock) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-20]
CHR Extension: (Isoball 3) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2014-08-20]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-08-20]
CHR Extension: (Poppit!) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-20]
CHR Extension: (Ghostery) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-08-20]
CHR Extension: (Google Wallet) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-08-20]
CHR Extension: (chromeIPass) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ompiailgknfdndiefoaoiligalphfdae [2014-08-20]
CHR Extension: (Gmail) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]
CHR HKLM-x32\...\Chrome\Extension: [cbmodlhkmdkbgdcpaekfpdddhhhbicnn] - C:\ProgramData\Zoomex\cbmodlhkmdkbgdcpaekfpdddhhhbicnn.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-19] (SUPERAntiSpyware.com)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-01] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-15] () [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [406288 2014-06-23] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-06-23] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-06-23] (BlueStack Systems, Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-09-12] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-09-12] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [112640 2013-07-03] (Creative Technology Ltd)
R2 Ds3Service; C:\Program Files\Scarlet.crush prodructions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 iRacingService; C:\Program Files (x86)\iRacing\iRacingService.exe [786600 2014-03-20] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) [File not signed]
R2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2011-11-21] (Apache Software Foundation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4230040 2013-04-14] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [430080 2011-05-09] (PowerUp Software, LLC) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-20] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189480 2015-01-21] ()
R2 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed]
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [359936 2014-03-20] () [File not signed]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [335360 2014-12-08] (Company) [File not signed]
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2012-11-01] (VMware, Inc.) [File not signed]
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [13234176 2012-11-01] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ArcService; d:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-06-23] (BlueStack Systems)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1060632 2013-07-03] (Creative Technology Ltd)
R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [34072 2013-07-03] (Creative Technology Ltd)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [38096 2012-12-17] (GFI Software)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\atBIOS\GPCIDrv64.sys [14376 2010-02-04] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2012-12-22] (http://libusb-win32.sourceforge.net)
S3 libusb0; C:\Windows\SysWOW64\DRIVERS\libusb0.sys [33792 2005-03-09] () [File not signed]
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [115272 2011-11-10] (MotioninJoy) [File not signed]
R3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2011-11-21] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()
S3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [340992 2007-12-26] (NETGEAR Inc.)
S3 SaiH0762; C:\Windows\System32\DRIVERS\SaiH0762.sys [178304 2008-02-15] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22792 2010-08-10] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-08-10] (Saitek)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15712 2013-07-29] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
S3 AtiHDAudioService; system32\drivers\AtihdW76.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
U3 fwloqpod; \??\C:\Users\chris\AppData\Local\Temp\fwloqpod.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 18:41 - 2015-02-02 18:41 - 02131456 _____ (Farbar) C:\Users\chris\Downloads\FRST64 (1).exe
2015-02-02 18:41 - 2015-02-02 18:41 - 00000000 ____D () C:\FRST
2015-02-02 17:59 - 2015-02-02 17:59 - 02131456 _____ (Farbar) C:\Users\chris\Downloads\FRST64.exe
2015-02-02 17:59 - 2015-02-02 17:59 - 00380416 _____ () C:\Users\chris\Downloads\w0vfoghx.exe
2015-01-29 18:35 - 2015-01-29 18:35 - 00002116 _____ () C:\Users\Public\Desktop\CastleLink Graph Viewer V3.57.15.lnk
2015-01-29 18:35 - 2015-01-29 18:35 - 00001164 _____ () C:\Users\Public\Desktop\CastleLink V3.57.15.lnk
2015-01-29 18:35 - 2015-01-29 18:35 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Castle Creations
2015-01-29 18:35 - 2015-01-29 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Castle Link
2015-01-29 18:35 - 2015-01-29 18:35 - 00000000 ____D () C:\Program Files\Castle Creations
2015-01-29 18:35 - 2015-01-29 18:35 - 00000000 ____D () C:\Program Files (x86)\Castle Creations
2015-01-29 18:35 - 2012-12-12 12:50 - 00000323 _____ () C:\Users\chris\AppData\Local\CastleLinkProps.dat
2015-01-29 18:34 - 2015-01-29 18:35 - 17924192 _____ (Castle Creations) C:\Users\chris\Downloads\CastleLinkInstall_3.57.15.exe
2015-01-29 18:08 - 2015-01-29 18:08 - 00058641 _____ () C:\Users\chris\Downloads\O-demonoid.pw-O_Dying_Light_PC_full_game_DLC_nosTEAM__8174674.4312.TORRENT
2015-01-29 17:37 - 2015-01-29 21:34 - 00000000 ____D () C:\Users\chris\Documents\ManiaPlanet
2015-01-29 17:37 - 2015-01-29 21:03 - 00000000 ____D () C:\ProgramData\ManiaPlanet
2015-01-29 17:37 - 2015-01-29 17:37 - 00001144 _____ () C:\Users\Public\Desktop\TMStadium.lnk
2015-01-29 17:37 - 2015-01-29 17:37 - 00001096 _____ () C:\Users\Public\Desktop\ManiaPlanet.lnk
2015-01-29 17:37 - 2015-01-29 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManiaPlanet
2015-01-29 17:37 - 2015-01-29 17:37 - 00000000 ____D () C:\Program Files (x86)\ManiaPlanet
2015-01-29 17:19 - 2015-01-29 17:21 - 127307464 _____ (Nadeo ) C:\Users\chris\Downloads\Maniaplanet_Setup_TMValley.exe
2015-01-29 17:19 - 2015-01-29 17:21 - 127307464 _____ (Nadeo ) C:\Users\chris\Downloads\Maniaplanet_Setup_TMStadium.exe
2015-01-27 22:16 - 2015-01-27 22:16 - 00000000 ____D () C:\Users\chris\AppData\Local\Geld_Maker_2
2015-01-27 19:12 - 2015-01-27 19:12 - 16394240 _____ (Microsoft Corporation) C:\Users\chris\Downloads\Exoptable_Money.exe
2015-01-27 18:40 - 2015-01-27 18:40 - 00000000 ____D () C:\Crash
2015-01-27 11:40 - 2015-01-27 12:35 - 00000000 ____D () C:\ComboFix
2015-01-27 10:42 - 2015-01-27 10:42 - 05610622 _____ (Swearware) C:\Users\chris\Downloads\ComboFix.exe
2015-01-27 10:38 - 2015-01-27 10:38 - 00000000 ____D () C:\Windows\ERUNT
2015-01-27 10:37 - 2015-02-02 18:41 - 00000000 ____D () C:\Users\chris\Desktop\New folder (9)
2015-01-27 10:37 - 2015-01-27 10:37 - 01707939 _____ (Thisisu) C:\Users\chris\Downloads\JRT.exe
2015-01-27 10:37 - 2015-01-27 10:37 - 01707939 _____ (Thisisu) C:\Users\chris\Desktop\JRT.exe
2015-01-27 10:29 - 2015-01-27 10:33 - 00000000 ____D () C:\AdwCleaner
2015-01-27 10:29 - 2015-01-27 10:29 - 02194432 _____ () C:\Users\chris\Downloads\AdwCleaner.exe
2015-01-27 10:28 - 2015-01-27 10:28 - 00688992 _____ (Swearware) C:\Users\chris\Downloads\dds.scr
2015-01-27 10:28 - 2015-01-27 10:28 - 00028722 _____ () C:\Users\chris\Desktop\dds.txt
2015-01-27 10:28 - 2015-01-27 10:28 - 00018675 _____ () C:\Users\chris\Desktop\attach.txt
2015-01-26 21:56 - 2015-01-26 21:56 - 00492040 _____ () C:\Users\chris\Downloads\ft-jetracer-bb75d57b786a779.rar
2015-01-26 20:17 - 2015-01-27 11:21 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-26 20:17 - 2015-01-26 20:17 - 00000000 ____D () C:\ProgramData\Licenses
2015-01-26 20:14 - 2015-01-26 20:14 - 00000000 ____D () C:\Users\chris\Documents\Simply Super Software
2015-01-26 20:14 - 2015-01-26 20:14 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Simply Super Software
2015-01-26 20:14 - 2015-01-26 20:14 - 00000000 ____D () C:\ProgramData\Simply Super Software
2015-01-26 20:14 - 2015-01-26 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-01-26 20:14 - 2015-01-26 20:14 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2015-01-26 20:13 - 2015-01-26 20:14 - 21657592 _____ (Simply Super Software ) C:\Users\chris\Downloads\trjsetup.exe
2015-01-26 20:13 - 2015-01-26 20:13 - 10273304 _____ (Simply Super Software ) C:\Users\chris\Downloads\trjsetup-9x.exe
2015-01-26 20:01 - 2015-01-26 20:01 - 00354396 _____ () C:\Users\chris\Downloads\SysProt.zip
2015-01-26 19:51 - 2015-01-26 19:51 - 36210245 _____ () C:\Users\chris\Downloads\MSIAfterburnerSetup410.zip
2015-01-22 21:56 - 2015-01-22 22:01 - 00000000 ____D () C:\Users\chris\Documents\Assetto Corsa
2015-01-22 18:03 - 2015-01-22 18:03 - 00016472 _____ () C:\Users\chris\Downloads\++demonoid.pw++-Archer_S06E02_720p_HDTV_MPEG2_SM10_(PS3_Compatible)_8174674.4312.TORRENT
2015-01-21 22:03 - 2015-01-21 22:04 - 00218880 _____ () C:\Users\chris\Desktop\crittermound.txt
2015-01-21 18:50 - 2015-01-21 18:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-21 18:25 - 2015-01-21 18:25 - 00179649 _____ () C:\Users\chris\Downloads\critter_mound_v1-1-4.zip
2015-01-19 20:07 - 2015-01-19 20:08 - 75854752 _____ () C:\Users\chris\Downloads\Kenworth_Long-Stas556_dmitry68.rar
2015-01-19 20:07 - 2015-01-19 20:07 - 00005698 _____ () C:\Users\chris\Downloads\zzzzzzz__No-barrier-mod.scs
2015-01-18 20:03 - 2015-01-18 20:04 - 01913535 _____ () C:\Users\chris\Downloads\Euro_Truck_Simulator_2_Super_Savegame_v2_by_Gamecheattuts.zip
2015-01-18 19:08 - 2015-01-18 19:08 - 00417371 _____ () C:\Users\chris\Downloads\ets2-jetracer-d6efb33187eafab.rar
2015-01-18 19:02 - 2015-01-18 19:02 - 00376923 _____ () C:\Users\chris\Downloads\ets2-jetracer-a9a095926a9237d.rar
2015-01-18 18:56 - 2015-01-18 18:56 - 00376337 _____ () C:\Users\chris\Downloads\ets2-jetracer-13649f08db1f6aa.rar
2015-01-18 18:38 - 2015-01-18 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DS4Windows
2015-01-18 18:37 - 2015-01-22 20:21 - 00000000 ____D () C:\Users\chris\Desktop\New folder (6)
2015-01-18 18:37 - 2015-01-18 18:37 - 01184674 _____ () C:\Users\chris\Downloads\DS4Windows.zip
2015-01-18 18:00 - 2015-01-18 18:01 - 00000000 ____D () C:\Users\chris\Desktop\New folder
2015-01-18 15:26 - 2015-01-18 15:26 - 00000932 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2015-01-18 15:26 - 2015-01-18 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2015-01-18 15:26 - 2015-01-18 15:26 - 00000000 ____D () C:\Program Files\MotioninJoy
2015-01-18 15:26 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2015-01-18 15:25 - 2015-01-18 15:26 - 04117346 _____ () C:\Users\chris\Downloads\motioninjoy-0-7-1001-en-win.zip
2015-01-18 15:24 - 2015-01-18 15:24 - 00759932 _____ () C:\Users\chris\Downloads\BetterDS3_1.5.3 (1).zip
2015-01-18 02:06 - 2015-01-18 02:06 - 00540657 _____ () C:\Users\chris\Downloads\4.16.401.9-noredtext-HBOOT-only.zip
2015-01-18 00:57 - 2015-01-18 00:57 - 32477132 _____ () C:\Users\chris\Downloads\firmware_unsigned_4.16.401.9.zip
2015-01-18 00:36 - 2015-01-18 00:36 - 00024773 _____ () C:\Users\chris\Downloads\myshazam-history.html
2015-01-13 18:25 - 2015-01-13 18:25 - 00000000 ____D () C:\ProgramData\.mono
2015-01-12 20:31 - 2015-01-12 20:31 - 00000000 ____D () C:\ProgramData\DSDCS
2015-01-12 20:28 - 2015-01-18 18:38 - 00001076 _____ () C:\Users\Public\Desktop\DS4Windows.lnk
2015-01-12 20:28 - 2015-01-12 20:31 - 00000000 ____D () C:\Users\chris\AppData\Roaming\DS4Windows
2015-01-12 20:28 - 2015-01-12 20:28 - 00000000 ____D () C:\ProgramData\Caphyon
2015-01-12 20:28 - 2015-01-12 20:28 - 00000000 ____D () C:\Program Files (x86)\DSDCS
2015-01-12 20:24 - 2015-01-18 18:37 - 00000000 ____D () C:\Users\chris\AppData\Roaming\DSDCS
2015-01-12 20:24 - 2015-01-12 20:24 - 17172123 _____ (DSDCS) C:\Users\chris\Downloads\DS4Windows(1.5.16).exe
2015-01-12 20:22 - 2015-01-12 20:22 - 00041304 _____ () C:\Users\chris\Downloads\Need_for_Speed_-_Underground_2_-_RELOADED.torrent
2015-01-12 18:31 - 2015-01-12 18:32 - 09817890 _____ () C:\Users\chris\Downloads\jeepwranglerrubicon.zip
2015-01-07 18:30 - 2015-01-07 18:30 - 00000110 _____ () C:\Users\chris\.dir
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serviio
2015-01-07 18:24 - 2015-01-07 18:25 - 28313048 _____ () C:\Users\chris\Downloads\serviio-1.4.1.2-win-setup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 18:41 - 2011-11-21 22:08 - 00358400 _____ () C:\Windows\SysWOW64\freqdb.db
2015-02-02 18:40 - 2014-01-23 20:48 - 09942048 _____ () C:\Windows\backend.log
2015-02-02 18:32 - 2014-06-04 18:22 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1862438995-2236925975-1376301958-1000UA.job
2015-02-02 18:30 - 2013-12-04 21:45 - 00000000 ____D () C:\Steam
2015-02-02 18:22 - 2012-11-07 20:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 17:55 - 2009-07-13 23:45 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-02 17:55 - 2009-07-13 23:45 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-02 17:54 - 2009-07-14 00:13 - 00805382 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-02 17:51 - 2012-11-07 20:20 - 01977315 _____ () C:\Windows\WindowsUpdate.log
2015-02-02 17:49 - 2014-12-17 18:42 - 00000000 ____D () C:\Users\chris\.VirtualBox
2015-02-02 17:49 - 2014-04-23 21:48 - 00000476 ____H () C:\Windows\Tasks\SN.Booster-S-937180986.job
2015-02-02 17:49 - 2014-03-18 18:56 - 00003022 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2015-02-02 17:49 - 2012-11-07 20:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 17:48 - 2014-08-05 18:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-02 17:48 - 2014-01-27 17:53 - 00063431 _____ () C:\Windows\setupact.log
2015-02-02 17:48 - 2013-12-11 21:17 - 00000189 _____ () C:\.dir
2015-02-02 17:48 - 2013-05-22 15:46 - 00119296 _____ () C:\Windows\SysWOW64\zlib.dll
2015-02-02 17:48 - 2013-01-10 20:54 - 00000000 ____D () C:\ProgramData\VMware
2015-02-02 17:48 - 2012-12-31 01:49 - 00071328 _____ () C:\Windows\SysWOW64\mvaccelerator.log
2015-02-02 17:48 - 2012-12-03 19:03 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-02 17:48 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 20:42 - 2012-11-07 20:46 - 00000000 ____D () C:\Users\chris\AppData\Roaming\uTorrent
2015-01-29 18:25 - 2013-01-13 22:00 - 00000000 ____D () C:\Users\chris\Documents\Virtual Machines
2015-01-29 17:37 - 2012-11-30 16:41 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-29 17:32 - 2014-06-04 18:22 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1862438995-2236925975-1376301958-1000Core.job
2015-01-27 12:48 - 2014-01-27 17:53 - 00433962 _____ () C:\Windows\PFRO.log
2015-01-27 12:08 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-27 11:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-27 11:26 - 2012-12-06 22:03 - 00000000 ____D () C:\Qoobox
2015-01-27 10:16 - 2014-08-19 19:44 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 10:15 - 2013-02-04 21:15 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-27 09:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-26 21:27 - 2014-07-03 18:22 - 00000000 ____D () C:\Program Files (x86)\Space Run
2015-01-26 20:39 - 2014-03-25 16:57 - 00000000 ____D () C:\Users\chris\Downloads\guiminer
2015-01-26 20:23 - 2013-02-04 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-22 21:09 - 2012-11-07 20:47 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Spotify
2015-01-22 20:48 - 2012-11-20 20:08 - 00000000 ____D () C:\Users\chris\AppData\Local\Spotify
2015-01-22 20:42 - 2014-09-03 19:04 - 00000000 ____D () C:\Users\chris\Documents\Euro Truck Simulator 2
2015-01-22 16:56 - 2012-11-07 20:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-21 21:42 - 2012-11-28 20:00 - 00189480 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-01-21 21:42 - 2012-11-21 23:45 - 00189480 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-01-18 19:05 - 2012-11-07 20:44 - 00000000 ____D () C:\Users\chris\AppData\Local\CrashDumps
2015-01-18 02:09 - 2014-10-16 22:37 - 00000000 ____D () C:\adb
2015-01-13 19:44 - 2013-03-05 12:57 - 00000000 ____D () C:\Users\chris\Documents\America's Army 3
2015-01-13 18:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Vss
2015-01-12 22:54 - 2014-08-19 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-12 22:54 - 2014-08-19 19:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-12 22:54 - 2013-02-04 21:04 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-12 20:27 - 2012-11-07 21:40 - 00797504 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-12 20:24 - 2012-11-07 20:24 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-01-12 20:20 - 2012-11-20 00:25 - 00000000 ____D () C:\Program Files (x86)\Everything
2015-01-08 09:55 - 2012-11-07 21:01 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 18:30 - 2012-11-07 20:20 - 00000000 ____D () C:\Users\chris
2015-01-07 18:24 - 2013-02-13 16:04 - 00000000 ____D () C:\ProgramData\boost_interprocess

==================== Files in the root of some directories =======

2013-04-18 13:48 - 2013-04-18 13:48 - 0000600 _____ () C:\Users\chris\AppData\Roaming\winscp.rnd
2013-05-18 18:03 - 2013-05-18 18:03 - 0000037 ___SH () C:\Users\chris\AppData\Local\70149b02515b3bb20dd492.47983420
2015-01-29 18:35 - 2012-12-12 12:50 - 0000323 _____ () C:\Users\chris\AppData\Local\CastleLinkProps.dat
2012-11-20 22:35 - 2013-09-15 21:40 - 1648640 _____ () C:\Users\chris\AppData\Local\file__0.localstorage
2013-09-10 14:33 - 2013-09-10 14:33 - 0000093 _____ () C:\Users\chris\AppData\Local\fusioncache.dat
2012-12-16 21:57 - 2013-02-22 00:09 - 0000600 _____ () C:\Users\chris\AppData\Local\PUTTY.RND
2012-11-07 20:26 - 2014-03-25 19:16 - 0007660 _____ () C:\Users\chris\AppData\Local\Resmon.ResmonCfg
2008-02-05 16:28 - 2008-02-05 16:28 - 0000051 _____ () C:\Users\chris\AppData\Local\setup.txt
2013-01-26 23:50 - 2014-04-24 17:26 - 0000080 _____ () C:\Users\chris\AppData\Local\X-Plane Installer.prf
2013-01-26 23:14 - 2013-01-29 21:15 - 0000052 _____ () C:\Users\chris\AppData\Local\x-plane_install_10.txt
2013-02-05 19:31 - 2013-02-18 10:56 - 0001808 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\chris\AppData\Roaming\Origin\update.vbe


Some content of TEMP:
====================
C:\Users\chris\AppData\Local\Temp\i4jdel0.exe
C:\Users\chris\AppData\Local\Temp\procexp64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-26 22:57

==================== End Of Log ============================

#2 Machiavelli

  • Malware Response Instructor
  • 4,013 posts
  • Gender:Male
  • Location:Germany

Posted 03 February 2015 - 11:24 AM

Hey, :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop.
  • Install the programme and select Update.
  • Once it has updated, select Settings > Detection and Protection.
  • Tick Scan for rootkits.
  • Go back to the Dashboard and select Scan Now.
  • If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.
  • On completion of the scan (or after the reboot), select View Detailed Log.
  • Select Export > Select text file and save to the desktop.
  • Post that log.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 jetracer

  • Topic Starter
  • Members
  • 5 posts

Posted 03 February 2015 - 06:29 PM

# AdwCleaner v4.109 - Report created 03/02/2015 at 18:08:03
# Updated 24/01/2015 by Xplode
# Database : 2015-02-03.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : chris - CHRIS-PC
# Running from : C:\Users\chris\Desktop\New folder (9)\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\chris\AppData\Local\CrashRpt
Folder Deleted : C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v35.0 (x86 en-US)


-\\ Google Chrome v40.0.2214.93


-\\ Chromium v


-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [15679 octets] - [27/01/2015 10:29:51]
AdwCleaner[R1].txt - [1174 octets] - [03/02/2015 18:02:07]
AdwCleaner[S0].txt - [15019 octets] - [27/01/2015 10:33:07]
AdwCleaner[S1].txt - [1100 octets] - [03/02/2015 18:08:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1160 octets] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/3/2015
Scan Time: 6:10:50 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.03.08
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: chris

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 466810
Time Elapsed: 8 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 1
Trojan.Agent.Gen, C:\Windows\temp\svchost.exe, 8048, Delete-on-Reboot, [49c98496deac57df3ff75d5743c1758b]

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent.Gen, C:\Windows\temp\svchost.exe, Delete-on-Reboot, [49c98496deac57df3ff75d5743c1758b], 

Physical Sectors: 0
(No malicious items detected)


(end)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by chris on Tue 02/03/2015 at 18:23:43.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/03/2015 at 18:26:50.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by chris (administrator) on CHRIS-PC on 03-02-2015 18:27:41
Running from C:\Users\chris\Desktop\New folder (9)
Loaded Profiles: chris (Available profiles: chris)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.crush prodructions\bin\ScpService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) C:\Program Files (x86)\iRacing\iRacingService.exe
(Marvell) C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Mr. John aka japamd) C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(CERN, PH/SFT Group) C:\Program Files (x86)\CERN\CernVMWebAPI\cernvm-webapi.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
() C:\Program Files\Serviio\bin\ServiioConsole.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
() C:\Windows\temp\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [735744 2013-02-27] (Creative Technology Ltd)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-06-23] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2015-01-26] (Simply Super Software)
HKU\S-1-5-21-1862438995-2236925975-1376301958-1000\...\Run: [GoogleChromeAutoLaunch_7DCB6618398493FAB54700F5A3F17DEB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)
HKU\S-1-5-21-1862438995-2236925975-1376301958-1000\...\Run: [Spotify Web Helper] => C:\Users\chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-21] (Spotify Ltd)
HKU\S-1-5-21-1862438995-2236925975-1376301958-1000\...\Run: [CernVM WebAPI] => C:\Program Files (x86)\CERN\CernVMWebAPI\cernvm-webapi.exe [2763000 2014-12-05] (CERN, PH/SFT Group)
Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1862438995-2236925975-1376301958-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1862438995-2236925975-1376301958-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: YoutubeAdblocker -> {38201E90-AC3D-1609-67D6-FB51D81CC19F} -> C:\Program Files (x86)\YoutubeAdblocker\7KQ0gCg8.x64.dll No File
BHO: savve iNeTT -> {38D33E68-6992-9D46-7B46-6AC80BDD7C73} -> C:\Program Files (x86)\savve iNeTT\a0L.x64.dll No File
BHO: save nneet -> {51C77F53-9D57-F767-1A4C-D2E07814303E} -> C:\Program Files (x86)\save nneet\5QPWRfP.x64.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> d:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\gy8oz42h.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> d:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @vizzed.com/VizzedRGR -> C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1862438995-2236925975-1376301958-1000: @hulu.com/Hulu Desktop -> C:\Users\chris\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKU\S-1-5-21-1862438995-2236925975-1376301958-1000: @tools.google.com/Google Update;version=3 -> C:\Users\chris\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1862438995-2236925975-1376301958-1000: @tools.google.com/Google Update;version=9 -> C:\Users\chris\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1862438995-2236925975-1376301958-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1862438995-2236925975-1376301958-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin HKU\S-1-5-21-1862438995-2236925975-1376301958-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2015-01-21]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-05]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF HKU\S-1-5-21-1862438995-2236925975-1376301958-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.google.com", "hxxp://start.sweetpacks.com/?barid={9D9D1250-D152-11E2-A4B8-867FA511E9C0}&src=10&crg=3.5000006.10043&st=23", "", "hxxp://websearch.amaizingsearches.info/?pid=34&r=2014/04/24&hid=11043303596252314929&lg=EN&cc=US&unqvl=51", "hxxp://groovorio.com/?f=7&a=grv_tight3_14_33&cd=2XzuyEtN2Y1L1QzuyDyEtDyE0AyC0DzyyEtCtAtB0A0EtBtDtN0D0Tzu0StCtDtAyDtN1L2XzutAtFyDtFtCtFtCtN1L1Czu2Z1L1N1M2Z1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2StAyByE0F0FtC0FtBtG0Ezy0DtCtGtAtB0F0FtGyCyEyBtBtGtBtD0AyEyE0EzytDyEzyzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0CtBtAtByD0AtCtGtByDyC0DtGyEtDtAzztGzy0B0F0CtGtBtAyEyDyD0FyCzzyEzyzztD2Q&cr=1748699203&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-08-20]
CHR Extension: (Angry Birds) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-08-20]
CHR Extension: (Google Docs) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]
CHR Extension: (Google Drive) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-19]
CHR Extension: (Turn Off the Lights) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-08-20]
CHR Extension: (YouTube) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]
CHR Extension: (Adblock Plus) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-20]
CHR Extension: (Google Search) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]
CHR Extension: (Castle Age) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbjgjgmolalkjmififnbhebieijgkiic [2014-08-20]
CHR Extension: (Center Image) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkiklnjkgjkmamgoaggongdmekajdlki [2014-08-20]
CHR Extension: (AdBlock) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-20]
CHR Extension: (Isoball 3) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2014-08-20]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-08-20]
CHR Extension: (Poppit!) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-20]
CHR Extension: (Ghostery) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-08-20]
CHR Extension: (Google Wallet) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-08-20]
CHR Extension: (chromeIPass) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ompiailgknfdndiefoaoiligalphfdae [2014-08-20]
CHR Extension: (Gmail) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]
CHR HKLM-x32\...\Chrome\Extension: [cbmodlhkmdkbgdcpaekfpdddhhhbicnn] - C:\ProgramData\Zoomex\cbmodlhkmdkbgdcpaekfpdddhhhbicnn.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-19] (SUPERAntiSpyware.com)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-01] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-15] () [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [406288 2014-06-23] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-06-23] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-06-23] (BlueStack Systems, Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-09-12] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-09-12] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [112640 2013-07-03] (Creative Technology Ltd)
R2 Ds3Service; C:\Program Files\Scarlet.crush prodructions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 iRacingService; C:\Program Files (x86)\iRacing\iRacingService.exe [786600 2014-03-20] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) [File not signed]
R2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2011-11-21] (Apache Software Foundation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4230040 2013-04-14] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [430080 2011-05-09] (PowerUp Software, LLC) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-20] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189480 2015-01-21] ()
R2 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed]
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [359936 2014-03-20] () [File not signed]
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [335360 2014-12-08] (Company) [File not signed]
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2012-11-01] (VMware, Inc.) [File not signed]
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [13234176 2012-11-01] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ArcService; d:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-06-23] (BlueStack Systems)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1060632 2013-07-03] (Creative Technology Ltd)
R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [34072 2013-07-03] (Creative Technology Ltd)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [38096 2012-12-17] (GFI Software)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\atBIOS\GPCIDrv64.sys [14376 2010-02-04] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2012-12-22] (http://libusb-win32.sourceforge.net)
S3 libusb0; C:\Windows\SysWOW64\DRIVERS\libusb0.sys [33792 2005-03-09] () [File not signed]
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [115272 2011-11-10] (MotioninJoy) [File not signed]
R3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2011-11-21] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()
S3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [340992 2007-12-26] (NETGEAR Inc.)
S3 SaiH0762; C:\Windows\System32\DRIVERS\SaiH0762.sys [178304 2008-02-15] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22792 2010-08-10] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-08-10] (Saitek)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15712 2013-07-29] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
S3 AtiHDAudioService; system32\drivers\AtihdW76.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 18:01 - 2015-02-03 18:01 - 01388274 _____ (Thisisu) C:\Users\chris\Downloads\JRT (1).exe
2015-02-03 18:00 - 2015-02-03 18:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\chris\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-03 18:00 - 2015-02-03 18:00 - 02194432 _____ () C:\Users\chris\Downloads\AdwCleaner (1).exe
2015-02-03 00:25 - 2015-02-03 00:25 - 00044017 _____ () C:\ComboFix.txt
2015-02-02 22:26 - 2015-02-02 22:26 - 01188194 _____ () C:\Users\chris\Downloads\ProcessExplorer (1).zip
2015-02-02 21:21 - 2015-02-02 21:21 - 02854912 _____ () C:\Users\chris\Downloads\xb1usb.11059.0.140526x64 (1).msi
2015-02-02 20:52 - 2015-02-02 21:00 - 215505190 _____ () C:\Users\chris\Downloads\Insane_Testing_With_Race_Track.zip
2015-02-02 20:52 - 2015-02-02 20:57 - 128233501 _____ () C:\Users\chris\Downloads\Advanced_Island.zip
2015-02-02 20:52 - 2015-02-02 20:54 - 53326713 _____ () C:\Users\chris\Downloads\UltimateTerrainV4_BeamNG_DRIVE.zip
2015-02-02 20:52 - 2015-02-02 20:52 - 15697679 _____ () C:\Users\chris\Downloads\SardianHeights.zip
2015-02-02 20:52 - 2015-02-02 20:52 - 09481356 _____ () C:\Users\chris\Downloads\Endless_Highway.zip
2015-02-02 20:51 - 2015-02-02 20:51 - 13429894 _____ () C:\Users\chris\Downloads\AM_General_M35A2_195.zip
2015-02-02 20:50 - 2015-02-02 20:51 - 12671694 _____ () C:\Users\chris\Downloads\DK_94_ZJV1.1 (1).zip
2015-02-02 20:50 - 2015-02-02 20:51 - 11230959 _____ () C:\Users\chris\Downloads\Subaru-Impreza-wrx-sti-2011.zip
2015-02-02 20:50 - 2015-02-02 20:51 - 03073946 _____ () C:\Users\chris\Downloads\nuda.zip
2015-02-02 20:50 - 2015-02-02 20:50 - 10063507 _____ () C:\Users\chris\Downloads\Semi_Trailer_v7.zip
2015-02-02 20:50 - 2015-02-02 20:50 - 08970327 _____ () C:\Users\chris\Downloads\Pagani_Zonda_Cinque_Roadster_2009.zip
2015-02-02 20:50 - 2015-02-02 20:50 - 07131728 _____ () C:\Users\chris\Downloads\Ford_GT_2005.zip
2015-02-02 20:49 - 2015-02-02 20:51 - 06102913 _____ () C:\Users\chris\Downloads\BKL_MAZ_535_.zip
2015-02-02 20:49 - 2015-02-02 20:50 - 03473213 _____ () C:\Users\chris\Downloads\DSC_Scarab_Reborn.zip
2015-02-02 19:31 - 2015-02-02 19:31 - 00000557 _____ () C:\Users\chris\Desktop\Mavericks 10.9 ISO .torrent - Shortcut.lnk
2015-02-02 18:41 - 2015-02-03 18:27 - 00000000 ____D () C:\FRST
2015-02-02 18:41 - 2015-02-02 18:41 - 02131456 _____ (Farbar) C:\Users\chris\Downloads\FRST64 (1).exe
2015-02-02 17:59 - 2015-02-02 17:59 - 02131456 _____ (Farbar) C:\Users\chris\Downloads\FRST64.exe
2015-02-02 17:59 - 2015-02-02 17:59 - 00380416 _____ () C:\Users\chris\Downloads\w0vfoghx.exe
2015-01-29 18:35 - 2015-01-29 18:35 - 00002116 _____ () C:\Users\Public\Desktop\CastleLink Graph Viewer V3.57.15.lnk
2015-01-29 18:35 - 2015-01-29 18:35 - 00001164 _____ () C:\Users\Public\Desktop\CastleLink V3.57.15.lnk
2015-01-29 18:35 - 2015-01-29 18:35 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Castle Creations
2015-01-29 18:35 - 2015-01-29 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Castle Link
2015-01-29 18:35 - 2015-01-29 18:35 - 00000000 ____D () C:\Program Files\Castle Creations
2015-01-29 18:35 - 2015-01-29 18:35 - 00000000 ____D () C:\Program Files (x86)\Castle Creations
2015-01-29 18:35 - 2012-12-12 12:50 - 00000323 _____ () C:\Users\chris\AppData\Local\CastleLinkProps.dat
2015-01-29 18:34 - 2015-01-29 18:35 - 17924192 _____ (Castle Creations) C:\Users\chris\Downloads\CastleLinkInstall_3.57.15.exe
2015-01-29 18:08 - 2015-01-29 18:08 - 00058641 _____ () C:\Users\chris\Downloads\O-demonoid.pw-O_Dying_Light_PC_full_game_DLC_nosTEAM__8174674.4312.TORRENT
2015-01-29 17:37 - 2015-01-29 21:34 - 00000000 ____D () C:\Users\chris\Documents\ManiaPlanet
2015-01-29 17:37 - 2015-01-29 21:03 - 00000000 ____D () C:\ProgramData\ManiaPlanet
2015-01-29 17:37 - 2015-01-29 17:37 - 00001144 _____ () C:\Users\Public\Desktop\TMStadium.lnk
2015-01-29 17:37 - 2015-01-29 17:37 - 00001096 _____ () C:\Users\Public\Desktop\ManiaPlanet.lnk
2015-01-29 17:37 - 2015-01-29 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManiaPlanet
2015-01-29 17:37 - 2015-01-29 17:37 - 00000000 ____D () C:\Program Files (x86)\ManiaPlanet
2015-01-29 17:19 - 2015-01-29 17:21 - 127307464 _____ (Nadeo ) C:\Users\chris\Downloads\Maniaplanet_Setup_TMValley.exe
2015-01-29 17:19 - 2015-01-29 17:21 - 127307464 _____ (Nadeo ) C:\Users\chris\Downloads\Maniaplanet_Setup_TMStadium.exe
2015-01-27 22:16 - 2015-01-27 22:16 - 00000000 ____D () C:\Users\chris\AppData\Local\Geld_Maker_2
2015-01-27 19:12 - 2015-01-27 19:12 - 16394240 _____ (Microsoft Corporation) C:\Users\chris\Downloads\Exoptable_Money.exe
2015-01-27 18:40 - 2015-01-27 18:40 - 00000000 ____D () C:\Crash
2015-01-27 10:42 - 2015-01-27 10:42 - 05610622 _____ (Swearware) C:\Users\chris\Downloads\ComboFix.exe
2015-01-27 10:38 - 2015-01-27 10:38 - 00000000 ____D () C:\Windows\ERUNT
2015-01-27 10:37 - 2015-02-03 18:27 - 00000000 ____D () C:\Users\chris\Desktop\New folder (9)
2015-01-27 10:37 - 2015-01-27 10:37 - 01707939 _____ (Thisisu) C:\Users\chris\Downloads\JRT.exe
2015-01-27 10:37 - 2015-01-27 10:37 - 01707939 _____ (Thisisu) C:\Users\chris\Desktop\JRT.exe
2015-01-27 10:29 - 2015-02-03 18:08 - 00000000 ____D () C:\AdwCleaner
2015-01-27 10:29 - 2015-01-27 10:29 - 02194432 _____ () C:\Users\chris\Downloads\AdwCleaner.exe
2015-01-27 10:28 - 2015-01-27 10:28 - 00688992 _____ (Swearware) C:\Users\chris\Downloads\dds.scr
2015-01-27 10:28 - 2015-01-27 10:28 - 00028722 _____ () C:\Users\chris\Desktop\dds.txt
2015-01-27 10:28 - 2015-01-27 10:28 - 00018675 _____ () C:\Users\chris\Desktop\attach.txt
2015-01-26 21:56 - 2015-01-26 21:56 - 00492040 _____ () C:\Users\chris\Downloads\ft-jetracer-bb75d57b786a779.rar
2015-01-26 20:17 - 2015-01-27 11:21 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-26 20:17 - 2015-01-26 20:17 - 00000000 ____D () C:\ProgramData\Licenses
2015-01-26 20:14 - 2015-01-26 20:14 - 00000000 ____D () C:\Users\chris\Documents\Simply Super Software
2015-01-26 20:14 - 2015-01-26 20:14 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Simply Super Software
2015-01-26 20:14 - 2015-01-26 20:14 - 00000000 ____D () C:\ProgramData\Simply Super Software
2015-01-26 20:14 - 2015-01-26 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-01-26 20:14 - 2015-01-26 20:14 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2015-01-26 20:13 - 2015-01-26 20:14 - 21657592 _____ (Simply Super Software ) C:\Users\chris\Downloads\trjsetup.exe
2015-01-26 20:13 - 2015-01-26 20:13 - 10273304 _____ (Simply Super Software ) C:\Users\chris\Downloads\trjsetup-9x.exe
2015-01-26 20:01 - 2015-01-26 20:01 - 00354396 _____ () C:\Users\chris\Downloads\SysProt.zip
2015-01-26 19:51 - 2015-01-26 19:51 - 36210245 _____ () C:\Users\chris\Downloads\MSIAfterburnerSetup410.zip
2015-01-22 21:56 - 2015-01-22 22:01 - 00000000 ____D () C:\Users\chris\Documents\Assetto Corsa
2015-01-22 18:03 - 2015-01-22 18:03 - 00016472 _____ () C:\Users\chris\Downloads\++demonoid.pw++-Archer_S06E02_720p_HDTV_MPEG2_SM10_(PS3_Compatible)_8174674.4312.TORRENT
2015-01-21 22:03 - 2015-01-21 22:04 - 00218880 _____ () C:\Users\chris\Desktop\crittermound.txt
2015-01-21 18:50 - 2015-01-21 18:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-21 18:25 - 2015-01-21 18:25 - 00179649 _____ () C:\Users\chris\Downloads\critter_mound_v1-1-4.zip
2015-01-19 20:07 - 2015-01-19 20:08 - 75854752 _____ () C:\Users\chris\Downloads\Kenworth_Long-Stas556_dmitry68.rar
2015-01-19 20:07 - 2015-01-19 20:07 - 00005698 _____ () C:\Users\chris\Downloads\zzzzzzz__No-barrier-mod.scs
2015-01-18 20:03 - 2015-01-18 20:04 - 01913535 _____ () C:\Users\chris\Downloads\Euro_Truck_Simulator_2_Super_Savegame_v2_by_Gamecheattuts.zip
2015-01-18 19:08 - 2015-01-18 19:08 - 00417371 _____ () C:\Users\chris\Downloads\ets2-jetracer-d6efb33187eafab.rar
2015-01-18 19:02 - 2015-01-18 19:02 - 00376923 _____ () C:\Users\chris\Downloads\ets2-jetracer-a9a095926a9237d.rar
2015-01-18 18:56 - 2015-01-18 18:56 - 00376337 _____ () C:\Users\chris\Downloads\ets2-jetracer-13649f08db1f6aa.rar
2015-01-18 18:38 - 2015-01-18 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DS4Windows
2015-01-18 18:37 - 2015-01-22 20:21 - 00000000 ____D () C:\Users\chris\Desktop\New folder (6)
2015-01-18 18:37 - 2015-01-18 18:37 - 01184674 _____ () C:\Users\chris\Downloads\DS4Windows.zip
2015-01-18 18:00 - 2015-01-18 18:01 - 00000000 ____D () C:\Users\chris\Desktop\New folder
2015-01-18 15:26 - 2015-01-18 15:26 - 00000932 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2015-01-18 15:26 - 2015-01-18 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2015-01-18 15:26 - 2015-01-18 15:26 - 00000000 ____D () C:\Program Files\MotioninJoy
2015-01-18 15:26 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2015-01-18 15:25 - 2015-01-18 15:26 - 04117346 _____ () C:\Users\chris\Downloads\motioninjoy-0-7-1001-en-win.zip
2015-01-18 15:24 - 2015-01-18 15:24 - 00759932 _____ () C:\Users\chris\Downloads\BetterDS3_1.5.3 (1).zip
2015-01-18 02:06 - 2015-01-18 02:06 - 00540657 _____ () C:\Users\chris\Downloads\4.16.401.9-noredtext-HBOOT-only.zip
2015-01-18 00:57 - 2015-01-18 00:57 - 32477132 _____ () C:\Users\chris\Downloads\firmware_unsigned_4.16.401.9.zip
2015-01-18 00:36 - 2015-01-18 00:36 - 00024773 _____ () C:\Users\chris\Downloads\myshazam-history.html
2015-01-13 18:25 - 2015-01-13 18:25 - 00000000 ____D () C:\ProgramData\.mono
2015-01-12 20:31 - 2015-01-12 20:31 - 00000000 ____D () C:\ProgramData\DSDCS
2015-01-12 20:28 - 2015-01-18 18:38 - 00001076 _____ () C:\Users\Public\Desktop\DS4Windows.lnk
2015-01-12 20:28 - 2015-01-12 20:31 - 00000000 ____D () C:\Users\chris\AppData\Roaming\DS4Windows
2015-01-12 20:28 - 2015-01-12 20:28 - 00000000 ____D () C:\ProgramData\Caphyon
2015-01-12 20:28 - 2015-01-12 20:28 - 00000000 ____D () C:\Program Files (x86)\DSDCS
2015-01-12 20:24 - 2015-01-18 18:37 - 00000000 ____D () C:\Users\chris\AppData\Roaming\DSDCS
2015-01-12 20:24 - 2015-01-12 20:24 - 17172123 _____ (DSDCS) C:\Users\chris\Downloads\DS4Windows(1.5.16).exe
2015-01-12 20:22 - 2015-01-12 20:22 - 00041304 _____ () C:\Users\chris\Downloads\Need_for_Speed_-_Underground_2_-_RELOADED.torrent
2015-01-12 18:31 - 2015-01-12 18:32 - 09817890 _____ () C:\Users\chris\Downloads\jeepwranglerrubicon.zip
2015-01-07 18:30 - 2015-01-07 18:30 - 00000110 _____ () C:\Users\chris\.dir
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serviio
2015-01-07 18:24 - 2015-01-07 18:25 - 28313048 _____ () C:\Users\chris\Downloads\serviio-1.4.1.2-win-setup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 18:27 - 2014-01-23 20:48 - 10066368 _____ () C:\Windows\backend.log
2015-02-03 18:27 - 2011-11-21 22:08 - 00359424 _____ () C:\Windows\SysWOW64\freqdb.db
2015-02-03 18:27 - 2009-07-13 23:45 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 18:27 - 2009-07-13 23:45 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 18:26 - 2009-07-14 00:13 - 00805382 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 18:24 - 2012-11-07 20:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 18:23 - 2012-11-07 20:20 - 02003308 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 18:20 - 2014-12-17 18:42 - 00000000 ____D () C:\Users\chris\.VirtualBox
2015-02-03 18:20 - 2014-08-19 19:44 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-03 18:20 - 2014-08-05 18:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-03 18:20 - 2014-03-18 18:56 - 00003022 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2015-02-03 18:20 - 2014-01-27 17:53 - 00436708 _____ () C:\Windows\PFRO.log
2015-02-03 18:20 - 2014-01-27 17:53 - 00064439 _____ () C:\Windows\setupact.log
2015-02-03 18:20 - 2013-12-11 21:17 - 00000189 _____ () C:\.dir
2015-02-03 18:20 - 2013-01-10 20:54 - 00000000 ____D () C:\ProgramData\VMware
2015-02-03 18:20 - 2012-12-31 01:49 - 00071952 _____ () C:\Windows\SysWOW64\mvaccelerator.log
2015-02-03 18:20 - 2012-12-03 19:03 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-03 18:20 - 2012-11-07 20:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 18:20 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 18:01 - 2014-08-19 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-03 18:01 - 2014-08-19 19:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-03 18:01 - 2013-02-04 21:04 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-03 05:55 - 2013-12-04 21:45 - 00000000 ____D () C:\Steam
2015-02-03 05:22 - 2013-05-22 15:46 - 00119296 _____ () C:\Windows\SysWOW64\zlib.dll
2015-02-03 00:28 - 2012-12-06 22:03 - 00000000 ____D () C:\Qoobox
2015-02-02 23:21 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-02 22:25 - 2012-11-08 15:52 - 00000000 ____D () C:\Windows\Minidump
2015-02-02 22:16 - 2012-11-07 20:47 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Spotify
2015-02-02 22:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-02 21:22 - 2014-12-21 18:34 - 00000000 ____D () C:\Program Files\Microsoft Xbox One Controller for Windows
2015-02-02 18:54 - 2012-11-07 20:46 - 00000000 ____D () C:\Users\chris\AppData\Roaming\uTorrent
2015-01-29 18:25 - 2013-01-13 22:00 - 00000000 ____D () C:\Users\chris\Documents\Virtual Machines
2015-01-29 17:37 - 2012-11-30 16:41 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-27 10:15 - 2013-02-04 21:15 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-27 09:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-26 21:27 - 2014-07-03 18:22 - 00000000 ____D () C:\Program Files (x86)\Space Run
2015-01-26 20:39 - 2014-03-25 16:57 - 00000000 ____D () C:\Users\chris\Downloads\guiminer
2015-01-26 20:23 - 2013-02-04 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-22 20:48 - 2012-11-20 20:08 - 00000000 ____D () C:\Users\chris\AppData\Local\Spotify
2015-01-22 20:42 - 2014-09-03 19:04 - 00000000 ____D () C:\Users\chris\Documents\Euro Truck Simulator 2
2015-01-22 16:56 - 2012-11-07 20:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-21 21:42 - 2012-11-28 20:00 - 00189480 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-01-21 21:42 - 2012-11-21 23:45 - 00189480 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-01-18 19:05 - 2012-11-07 20:44 - 00000000 ____D () C:\Users\chris\AppData\Local\CrashDumps
2015-01-18 02:09 - 2014-10-16 22:37 - 00000000 ____D () C:\adb
2015-01-13 19:44 - 2013-03-05 12:57 - 00000000 ____D () C:\Users\chris\Documents\America's Army 3
2015-01-13 18:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Vss
2015-01-12 20:27 - 2012-11-07 21:40 - 00797504 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-12 20:24 - 2012-11-07 20:24 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-01-12 20:20 - 2012-11-20 00:25 - 00000000 ____D () C:\Program Files (x86)\Everything
2015-01-08 09:55 - 2012-11-07 21:01 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 18:30 - 2012-11-07 20:20 - 00000000 ____D () C:\Users\chris
2015-01-07 18:24 - 2013-02-13 16:04 - 00000000 ____D () C:\ProgramData\boost_interprocess

==================== Files in the root of some directories =======

2013-04-18 13:48 - 2013-04-18 13:48 - 0000600 _____ () C:\Users\chris\AppData\Roaming\winscp.rnd
2013-05-18 18:03 - 2013-05-18 18:03 - 0000037 ___SH () C:\Users\chris\AppData\Local\70149b02515b3bb20dd492.47983420
2015-01-29 18:35 - 2012-12-12 12:50 - 0000323 _____ () C:\Users\chris\AppData\Local\CastleLinkProps.dat
2012-11-20 22:35 - 2013-09-15 21:40 - 1648640 _____ () C:\Users\chris\AppData\Local\file__0.localstorage
2013-09-10 14:33 - 2013-09-10 14:33 - 0000093 _____ () C:\Users\chris\AppData\Local\fusioncache.dat
2012-12-16 21:57 - 2013-02-22 00:09 - 0000600 _____ () C:\Users\chris\AppData\Local\PUTTY.RND
2012-11-07 20:26 - 2014-03-25 19:16 - 0007660 _____ () C:\Users\chris\AppData\Local\Resmon.ResmonCfg
2008-02-05 16:28 - 2008-02-05 16:28 - 0000051 _____ () C:\Users\chris\AppData\Local\setup.txt
2013-01-26 23:50 - 2014-04-24 17:26 - 0000080 _____ () C:\Users\chris\AppData\Local\X-Plane Installer.prf
2013-01-26 23:14 - 2013-01-29 21:15 - 0000052 _____ () C:\Users\chris\AppData\Local\x-plane_install_10.txt
2013-02-05 19:31 - 2013-02-18 10:56 - 0001808 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\chris\AppData\Roaming\Origin\update.vbe


Some content of TEMP:
====================
C:\Users\chris\AppData\Local\Temp\i4jdel0.exe
C:\Users\chris\AppData\Local\Temp\Quarantine.exe
C:\Users\chris\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 00:59

==================== End Of Log ============================


#4 Machiavelli

  • Malware Response Instructor

Posted 04 February 2015 - 10:36 AM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-1862438995-2236925975-1376301958-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: YoutubeAdblocker -> {38201E90-AC3D-1609-67D6-FB51D81CC19F} -> C:\Program Files (x86)\YoutubeAdblocker\7KQ0gCg8.x64.dll No File
    BHO: savve iNeTT -> {38D33E68-6992-9D46-7B46-6AC80BDD7C73} -> C:\Program Files (x86)\savve iNeTT\a0L.x64.dll No File
    BHO: save nneet -> {51C77F53-9D57-F767-1A4C-D2E07814303E} -> C:\Program Files (x86)\save nneet\5QPWRfP.x64.dll No File
    BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> d:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll No File
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> d:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
    CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.google.com", "hxxp://start.sweetpacks.com/?barid={9D9D1250-D152-11E2-A4B8-867FA511E9C0}&src=10&crg=3.5000006.10043&st=23", "", "hxxp://websearch.amaizingsearches.info/?pid=34&r=2014/04/24&hid=11043303596252314929&lg=EN&cc=US&unqvl=51", "hxxp://groovorio.com/?f=7&a=grv_tight3_14_33&cd=2XzuyEtN2Y1L1QzuyDyEtDyE0AyC0DzyyEtCtAtB0A0EtBtDtN0D0Tzu0StCtDtAyDtN1L2XzutAtFyDtFtCtFtCtN1L1Czu2Z1L1N1M2Z1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2StAyByE0F0FtC0FtBtG0Ezy0DtCtGtAtB0F0FtGyCyEyBtBtGtBtD0AyEyE0EzytDyEzyzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0CtBtAtByD0AtCtGtByDyC0DtGyEtDtAzztGzy0B0F0CtGtBtAyEyDyD0FyCzzyEzyzztD2Q&cr=1748699203&ir="
    CHR HKLM-x32\...\Chrome\Extension: [cbmodlhkmdkbgdcpaekfpdddhhhbicnn] - C:\ProgramData\Zoomex\cbmodlhkmdkbgdcpaekfpdddhhhbicnn.crx [Not Found]
    C:\Users\chris\AppData\Roaming\Origin\update.vbe
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 jetracer

  • Topic Starter

Posted 04 February 2015 - 08:30 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
Ran by chris at 2015-02-04 17:57:21 Run:1
Running from C:\Users\chris\Desktop
Loaded Profiles: chris (Available profiles: chris)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1862438995-2236925975-1376301958-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: YoutubeAdblocker -> {38201E90-AC3D-1609-67D6-FB51D81CC19F} -> C:\Program Files (x86)\YoutubeAdblocker\7KQ0gCg8.x64.dll No File
BHO: savve iNeTT -> {38D33E68-6992-9D46-7B46-6AC80BDD7C73} -> C:\Program Files (x86)\savve iNeTT\a0L.x64.dll No File
BHO: save nneet -> {51C77F53-9D57-F767-1A4C-D2E07814303E} -> C:\Program Files (x86)\save nneet\5QPWRfP.x64.dll No File
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> d:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> d:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.google.com", "hxxp://start.sweetpacks.com/?barid={9D9D1250-D152-11E2-A4B8-867FA511E9C0}&src=10&crg=3.5000006.10043&st=23", "", "hxxp://websearch.amaizingsearches.info/?pid=34&r=2014/04/24&hid=11043303596252314929&lg=EN&cc=US&unqvl=51", "hxxp://groovorio.com/?f=7&a=grv_tight3_14_33&cd=2XzuyEtN2Y1L1QzuyDyEtDyE0AyC0DzyyEtCtAtB0A0EtBtDtN0D0Tzu0StCtDtAyDtN1L2XzutAtFyDtFtCtFtCtN1L1Czu2Z1L1N1M2Z1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2StAyByE0F0FtC0FtBtG0Ezy0DtCtGtAtB0F0FtGyCyEyBtBtGtBtD0AyEyE0EzytDyEzyzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0CtBtAtByD0AtCtGtByDyC0DtGyEtDtAzztGzy0B0F0CtGtBtAyEyDyD0FyCzzyEzyzztD2Q&cr=1748699203&ir="
CHR HKLM-x32\...\Chrome\Extension: [cbmodlhkmdkbgdcpaekfpdddhhhbicnn] - C:\ProgramData\Zoomex\cbmodlhkmdkbgdcpaekfpdddhhhbicnn.crx [Not Found]
C:\Users\chris\AppData\Roaming\Origin\update.vbe
EmptyTemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-1862438995-2236925975-1376301958-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38201E90-AC3D-1609-67D6-FB51D81CC19F}" => Key deleted successfully.
"HKCR\CLSID\{38201E90-AC3D-1609-67D6-FB51D81CC19F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38D33E68-6992-9D46-7B46-6AC80BDD7C73}" => Key deleted successfully.
"HKCR\CLSID\{38D33E68-6992-9D46-7B46-6AC80BDD7C73}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51C77F53-9D57-F767-1A4C-D2E07814303E}" => Key deleted successfully.
"HKCR\CLSID\{51C77F53-9D57-F767-1A4C-D2E07814303E}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84BFE29A-8139-402a-B2A4-C23AE9E1A75F}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{84BFE29A-8139-402a-B2A4-C23AE9E1A75F}" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin" => Key deleted successfully.
Chrome StartupUrls deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cbmodlhkmdkbgdcpaekfpdddhhhbicnn" => Key deleted successfully.
C:\Users\chris\AppData\Roaming\Origin\update.vbe => Moved successfully.
EmptyTemp: => Removed 1 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 17:57:37 ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by chris (administrator) on CHRIS-PC on 04-02-2015 20:27:28
Running from C:\Users\chris\Desktop\New folder (9)
Loaded Profiles: chris (Available profiles: chris)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.crush prodructions\bin\ScpService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) C:\Program Files (x86)\iRacing\iRacingService.exe
(Marvell) C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Mr. John aka japamd) C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(CERN, PH/SFT Group) C:\Program Files (x86)\CERN\CernVMWebAPI\cernvm-webapi.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
() C:\Program Files\Serviio\bin\ServiioConsole.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [735744 2013-02-27] (Creative Technology Ltd)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-06-23] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2015-01-26] (Simply Super Software)
HKU\S-1-5-21-1862438995-2236925975-1376301958-1000\...\Run: [GoogleChromeAutoLaunch_7DCB6618398493FAB54700F5A3F17DEB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)
HKU\S-1-5-21-1862438995-2236925975-1376301958-1000\...\Run: [Spotify Web Helper] => C:\Users\chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-21] (Spotify Ltd)
HKU\S-1-5-21-1862438995-2236925975-1376301958-1000\...\Run: [CernVM WebAPI] => C:\Program Files (x86)\CERN\CernVMWebAPI\cernvm-webapi.exe [2763000 2014-12-05] (CERN, PH/SFT Group)
Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1862438995-2236925975-1376301958-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{44E737CA-93BF-49EC-8B3C-8F4890541833}: [NameServer] 8.8.8.8,75.75.75.75

FireFox:
========
FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\gy8oz42h.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @vizzed.com/VizzedRGR -> C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1862438995-2236925975-1376301958-1000: @hulu.com/Hulu Desktop -> C:\Users\chris\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKU\S-1-5-21-1862438995-2236925975-1376301958-1000: @tools.google.com/Google Update;version=3 -> C:\Users\chris\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1862438995-2236925975-1376301958-1000: @tools.google.com/Google Update;version=9 -> C:\Users\chris\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1862438995-2236925975-1376301958-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1862438995-2236925975-1376301958-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin HKU\S-1-5-21-1862438995-2236925975-1376301958-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2015-01-21]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-05]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF HKU\S-1-5-21-1862438995-2236925975-1376301958-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.google.com", "hxxp://start.sweetpacks.com/?barid={9D9D1250-D152-11E2-A4B8-867FA511E9C0}&src=10&crg=3.5000006.10043&st=23", "", "hxxp://websearch.amaizingsearches.info/?pid=34&r=2014/04/24&hid=11043303596252314929&lg=EN&cc=US&unqvl=51", "hxxp://groovorio.com/?f=7&a=grv_tight3_14_33&cd=2XzuyEtN2Y1L1QzuyDyEtDyE0AyC0DzyyEtCtAtB0A0EtBtDtN0D0Tzu0StCtDtAyDtN1L2XzutAtFyDtFtCtFtCtN1L1Czu2Z1L1N1M2Z1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2StAyByE0F0FtC0FtBtG0Ezy0DtCtGtAtB0F0FtGyCyEyBtBtGtBtD0AyEyE0EzytDyEzyzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0CtBtAtByD0AtCtGtByDyC0DtGyEtDtAzztGzy0B0F0CtGtBtAyEyDyD0FyCzzyEzyzztD2Q&cr=1748699203&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-08-20]
CHR Extension: (Angry Birds) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-08-20]
CHR Extension: (Google Docs) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]
CHR Extension: (Google Drive) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-19]
CHR Extension: (Turn Off the Lights) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-08-20]
CHR Extension: (YouTube) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]
CHR Extension: (Adblock Plus) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-20]
CHR Extension: (Google Search) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]
CHR Extension: (Castle Age) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbjgjgmolalkjmififnbhebieijgkiic [2014-08-20]
CHR Extension: (Center Image) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkiklnjkgjkmamgoaggongdmekajdlki [2014-08-20]
CHR Extension: (AdBlock) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-20]
CHR Extension: (Isoball 3) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2014-08-20]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-08-20]
CHR Extension: (Poppit!) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-20]
CHR Extension: (Ghostery) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-08-20]
CHR Extension: (Google Wallet) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-08-20]
CHR Extension: (chromeIPass) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ompiailgknfdndiefoaoiligalphfdae [2014-08-20]
CHR Extension: (Gmail) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-19] (SUPERAntiSpyware.com)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-01] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-15] () [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [406288 2014-06-23] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-06-23] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-06-23] (BlueStack Systems, Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-09-12] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-09-12] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [112640 2013-07-03] (Creative Technology Ltd)
R2 Ds3Service; C:\Program Files\Scarlet.crush prodructions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 iRacingService; C:\Program Files (x86)\iRacing\iRacingService.exe [786600 2014-03-20] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) [File not signed]
R2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2011-11-21] (Apache Software Foundation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4230040 2013-04-14] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [430080 2011-05-09] (PowerUp Software, LLC) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-20] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189480 2015-01-21] ()
R2 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed]
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [359936 2014-03-20] () [File not signed]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [335360 2014-12-08] (Company) [File not signed]
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2012-11-01] (VMware, Inc.) [File not signed]
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [13234176 2012-11-01] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ArcService; d:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-06-23] (BlueStack Systems)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1060632 2013-07-03] (Creative Technology Ltd)
R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [34072 2013-07-03] (Creative Technology Ltd)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [38096 2012-12-17] (GFI Software)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\atBIOS\GPCIDrv64.sys [14376 2010-02-04] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2012-12-22] (http://libusb-win32.sourceforge.net)
S3 libusb0; C:\Windows\SysWOW64\DRIVERS\libusb0.sys [33792 2005-03-09] () [File not signed]
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [115272 2011-11-10] (MotioninJoy) [File not signed]
R3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2011-11-21] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()
S3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [340992 2007-12-26] (NETGEAR Inc.)
S3 SaiH0762; C:\Windows\System32\DRIVERS\SaiH0762.sys [178304 2008-02-15] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22792 2010-08-10] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-08-10] (Saitek)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15712 2013-07-29] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
S3 AtiHDAudioService; system32\drivers\AtihdW76.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 18:03 - 2015-02-04 18:03 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-04 17:57 - 2015-02-04 17:57 - 00000000 ____D () C:\Users\chris\Desktop\FRST-OlderVersion
2015-02-03 20:44 - 2015-02-03 20:44 - 05227019 _____ () C:\Users\chris\Downloads\namebench-1.3.1-Windows.exe
2015-02-03 18:44 - 2015-02-03 18:44 - 00000000 ____D () C:\Users\chris\Documents\DyingLight
2015-02-03 18:01 - 2015-02-03 18:01 - 01388274 _____ (Thisisu) C:\Users\chris\Downloads\JRT (1).exe
2015-02-03 18:00 - 2015-02-03 18:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\chris\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-03 18:00 - 2015-02-03 18:00 - 02194432 _____ () C:\Users\chris\Downloads\AdwCleaner (1).exe
2015-02-03 00:25 - 2015-02-03 00:25 - 00044017 _____ () C:\ComboFix.txt
2015-02-02 22:26 - 2015-02-02 22:26 - 01188194 _____ () C:\Users\chris\Downloads\ProcessExplorer (1).zip
2015-02-02 21:21 - 2015-02-02 21:21 - 02854912 _____ () C:\Users\chris\Downloads\xb1usb.11059.0.140526x64 (1).msi
2015-02-02 20:52 - 2015-02-02 21:00 - 215505190 _____ () C:\Users\chris\Downloads\Insane_Testing_With_Race_Track.zip
2015-02-02 20:52 - 2015-02-02 20:57 - 128233501 _____ () C:\Users\chris\Downloads\Advanced_Island.zip
2015-02-02 20:52 - 2015-02-02 20:54 - 53326713 _____ () C:\Users\chris\Downloads\UltimateTerrainV4_BeamNG_DRIVE.zip
2015-02-02 20:52 - 2015-02-02 20:52 - 15697679 _____ () C:\Users\chris\Downloads\SardianHeights.zip
2015-02-02 20:52 - 2015-02-02 20:52 - 09481356 _____ () C:\Users\chris\Downloads\Endless_Highway.zip
2015-02-02 20:51 - 2015-02-02 20:51 - 13429894 _____ () C:\Users\chris\Downloads\AM_General_M35A2_195.zip
2015-02-02 20:50 - 2015-02-02 20:51 - 12671694 _____ () C:\Users\chris\Downloads\DK_94_ZJV1.1 (1).zip
2015-02-02 20:50 - 2015-02-02 20:51 - 11230959 _____ () C:\Users\chris\Downloads\Subaru-Impreza-wrx-sti-2011.zip
2015-02-02 20:50 - 2015-02-02 20:51 - 03073946 _____ () C:\Users\chris\Downloads\nuda.zip
2015-02-02 20:50 - 2015-02-02 20:50 - 10063507 _____ () C:\Users\chris\Downloads\Semi_Trailer_v7.zip
2015-02-02 20:50 - 2015-02-02 20:50 - 08970327 _____ () C:\Users\chris\Downloads\Pagani_Zonda_Cinque_Roadster_2009.zip
2015-02-02 20:50 - 2015-02-02 20:50 - 07131728 _____ () C:\Users\chris\Downloads\Ford_GT_2005.zip
2015-02-02 20:49 - 2015-02-02 20:51 - 06102913 _____ () C:\Users\chris\Downloads\BKL_MAZ_535_.zip
2015-02-02 20:49 - 2015-02-02 20:50 - 03473213 _____ () C:\Users\chris\Downloads\DSC_Scarab_Reborn.zip
2015-02-02 19:31 - 2015-02-02 19:31 - 00000557 _____ () C:\Users\chris\Desktop\Mavericks 10.9 ISO .torrent - Shortcut.lnk
2015-02-02 18:41 - 2015-02-04 20:27 - 00000000 ____D () C:\FRST
2015-02-02 18:41 - 2015-02-02 18:41 - 02131456 _____ (Farbar) C:\Users\chris\Downloads\FRST64 (1).exe
2015-02-02 17:59 - 2015-02-02 17:59 - 02131456 _____ (Farbar) C:\Users\chris\Downloads\FRST64.exe
2015-02-02 17:59 - 2015-02-02 17:59 - 00380416 _____ () C:\Users\chris\Downloads\w0vfoghx.exe
2015-01-29 18:35 - 2015-01-29 18:35 - 00002116 _____ () C:\Users\Public\Desktop\CastleLink Graph Viewer V3.57.15.lnk
2015-01-29 18:35 - 2015-01-29 18:35 - 00001164 _____ () C:\Users\Public\Desktop\CastleLink V3.57.15.lnk
2015-01-29 18:35 - 2015-01-29 18:35 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Castle Creations
2015-01-29 18:35 - 2015-01-29 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Castle Link
2015-01-29 18:35 - 2015-01-29 18:35 - 00000000 ____D () C:\Program Files\Castle Creations
2015-01-29 18:35 - 2015-01-29 18:35 - 00000000 ____D () C:\Program Files (x86)\Castle Creations
2015-01-29 18:35 - 2012-12-12 12:50 - 00000323 _____ () C:\Users\chris\AppData\Local\CastleLinkProps.dat
2015-01-29 18:34 - 2015-01-29 18:35 - 17924192 _____ (Castle Creations) C:\Users\chris\Downloads\CastleLinkInstall_3.57.15.exe
2015-01-29 18:08 - 2015-01-29 18:08 - 00058641 _____ () C:\Users\chris\Downloads\O-demonoid.pw-O_Dying_Light_PC_full_game_DLC_nosTEAM__8174674.4312.TORRENT
2015-01-29 17:37 - 2015-01-29 21:34 - 00000000 ____D () C:\Users\chris\Documents\ManiaPlanet
2015-01-29 17:37 - 2015-01-29 21:03 - 00000000 ____D () C:\ProgramData\ManiaPlanet
2015-01-29 17:37 - 2015-01-29 17:37 - 00001144 _____ () C:\Users\Public\Desktop\TMStadium.lnk
2015-01-29 17:37 - 2015-01-29 17:37 - 00001096 _____ () C:\Users\Public\Desktop\ManiaPlanet.lnk
2015-01-29 17:37 - 2015-01-29 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManiaPlanet
2015-01-29 17:37 - 2015-01-29 17:37 - 00000000 ____D () C:\Program Files (x86)\ManiaPlanet
2015-01-29 17:19 - 2015-01-29 17:21 - 127307464 _____ (Nadeo ) C:\Users\chris\Downloads\Maniaplanet_Setup_TMValley.exe
2015-01-29 17:19 - 2015-01-29 17:21 - 127307464 _____ (Nadeo ) C:\Users\chris\Downloads\Maniaplanet_Setup_TMStadium.exe
2015-01-27 22:16 - 2015-01-27 22:16 - 00000000 ____D () C:\Users\chris\AppData\Local\Geld_Maker_2
2015-01-27 19:12 - 2015-01-27 19:12 - 16394240 _____ (Microsoft Corporation) C:\Users\chris\Downloads\Exoptable_Money.exe
2015-01-27 18:40 - 2015-01-27 18:40 - 00000000 ____D () C:\Crash
2015-01-27 10:42 - 2015-01-27 10:42 - 05610622 _____ (Swearware) C:\Users\chris\Downloads\ComboFix.exe
2015-01-27 10:38 - 2015-01-27 10:38 - 00000000 ____D () C:\Windows\ERUNT
2015-01-27 10:37 - 2015-02-04 20:27 - 00000000 ____D () C:\Users\chris\Desktop\New folder (9)
2015-01-27 10:37 - 2015-01-27 10:37 - 01707939 _____ (Thisisu) C:\Users\chris\Downloads\JRT.exe
2015-01-27 10:37 - 2015-01-27 10:37 - 01707939 _____ (Thisisu) C:\Users\chris\Desktop\JRT.exe
2015-01-27 10:29 - 2015-02-03 18:08 - 00000000 ____D () C:\AdwCleaner
2015-01-27 10:29 - 2015-01-27 10:29 - 02194432 _____ () C:\Users\chris\Downloads\AdwCleaner.exe
2015-01-27 10:28 - 2015-01-27 10:28 - 00688992 _____ (Swearware) C:\Users\chris\Downloads\dds.scr
2015-01-27 10:28 - 2015-01-27 10:28 - 00028722 _____ () C:\Users\chris\Desktop\dds.txt
2015-01-27 10:28 - 2015-01-27 10:28 - 00018675 _____ () C:\Users\chris\Desktop\attach.txt
2015-01-26 21:56 - 2015-01-26 21:56 - 00492040 _____ () C:\Users\chris\Downloads\ft-jetracer-bb75d57b786a779.rar
2015-01-26 20:17 - 2015-01-27 11:21 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-26 20:17 - 2015-01-26 20:17 - 00000000 ____D () C:\ProgramData\Licenses
2015-01-26 20:14 - 2015-01-26 20:14 - 00000000 ____D () C:\Users\chris\Documents\Simply Super Software
2015-01-26 20:14 - 2015-01-26 20:14 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Simply Super Software
2015-01-26 20:14 - 2015-01-26 20:14 - 00000000 ____D () C:\ProgramData\Simply Super Software
2015-01-26 20:14 - 2015-01-26 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-01-26 20:14 - 2015-01-26 20:14 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2015-01-26 20:13 - 2015-01-26 20:14 - 21657592 _____ (Simply Super Software ) C:\Users\chris\Downloads\trjsetup.exe
2015-01-26 20:13 - 2015-01-26 20:13 - 10273304 _____ (Simply Super Software ) C:\Users\chris\Downloads\trjsetup-9x.exe
2015-01-26 20:01 - 2015-01-26 20:01 - 00354396 _____ () C:\Users\chris\Downloads\SysProt.zip
2015-01-26 19:51 - 2015-01-26 19:51 - 36210245 _____ () C:\Users\chris\Downloads\MSIAfterburnerSetup410.zip
2015-01-22 21:56 - 2015-01-22 22:01 - 00000000 ____D () C:\Users\chris\Documents\Assetto Corsa
2015-01-22 18:03 - 2015-01-22 18:03 - 00016472 _____ () C:\Users\chris\Downloads\++demonoid.pw++-Archer_S06E02_720p_HDTV_MPEG2_SM10_(PS3_Compatible)_8174674.4312.TORRENT
2015-01-21 22:03 - 2015-01-21 22:04 - 00218880 _____ () C:\Users\chris\Desktop\crittermound.txt
2015-01-21 18:50 - 2015-01-21 18:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-21 18:25 - 2015-01-21 18:25 - 00179649 _____ () C:\Users\chris\Downloads\critter_mound_v1-1-4.zip
2015-01-19 20:07 - 2015-01-19 20:08 - 75854752 _____ () C:\Users\chris\Downloads\Kenworth_Long-Stas556_dmitry68.rar
2015-01-19 20:07 - 2015-01-19 20:07 - 00005698 _____ () C:\Users\chris\Downloads\zzzzzzz__No-barrier-mod.scs
2015-01-18 20:03 - 2015-01-18 20:04 - 01913535 _____ () C:\Users\chris\Downloads\Euro_Truck_Simulator_2_Super_Savegame_v2_by_Gamecheattuts.zip
2015-01-18 19:08 - 2015-01-18 19:08 - 00417371 _____ () C:\Users\chris\Downloads\ets2-jetracer-d6efb33187eafab.rar
2015-01-18 19:02 - 2015-01-18 19:02 - 00376923 _____ () C:\Users\chris\Downloads\ets2-jetracer-a9a095926a9237d.rar
2015-01-18 18:56 - 2015-01-18 18:56 - 00376337 _____ () C:\Users\chris\Downloads\ets2-jetracer-13649f08db1f6aa.rar
2015-01-18 18:38 - 2015-01-18 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DS4Windows
2015-01-18 18:37 - 2015-01-22 20:21 - 00000000 ____D () C:\Users\chris\Desktop\New folder (6)
2015-01-18 18:37 - 2015-01-18 18:37 - 01184674 _____ () C:\Users\chris\Downloads\DS4Windows.zip
2015-01-18 18:00 - 2015-01-18 18:01 - 00000000 ____D () C:\Users\chris\Desktop\New folder
2015-01-18 15:26 - 2015-01-18 15:26 - 00000932 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2015-01-18 15:26 - 2015-01-18 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2015-01-18 15:26 - 2015-01-18 15:26 - 00000000 ____D () C:\Program Files\MotioninJoy
2015-01-18 15:26 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2015-01-18 15:25 - 2015-01-18 15:26 - 04117346 _____ () C:\Users\chris\Downloads\motioninjoy-0-7-1001-en-win.zip
2015-01-18 15:24 - 2015-01-18 15:24 - 00759932 _____ () C:\Users\chris\Downloads\BetterDS3_1.5.3 (1).zip
2015-01-18 02:06 - 2015-01-18 02:06 - 00540657 _____ () C:\Users\chris\Downloads\4.16.401.9-noredtext-HBOOT-only.zip
2015-01-18 00:57 - 2015-01-18 00:57 - 32477132 _____ () C:\Users\chris\Downloads\firmware_unsigned_4.16.401.9.zip
2015-01-18 00:36 - 2015-01-18 00:36 - 00024773 _____ () C:\Users\chris\Downloads\myshazam-history.html
2015-01-13 18:25 - 2015-01-13 18:25 - 00000000 ____D () C:\ProgramData\.mono
2015-01-12 20:31 - 2015-01-12 20:31 - 00000000 ____D () C:\ProgramData\DSDCS
2015-01-12 20:28 - 2015-01-18 18:38 - 00001076 _____ () C:\Users\Public\Desktop\DS4Windows.lnk
2015-01-12 20:28 - 2015-01-12 20:31 - 00000000 ____D () C:\Users\chris\AppData\Roaming\DS4Windows
2015-01-12 20:28 - 2015-01-12 20:28 - 00000000 ____D () C:\ProgramData\Caphyon
2015-01-12 20:28 - 2015-01-12 20:28 - 00000000 ____D () C:\Program Files (x86)\DSDCS
2015-01-12 20:24 - 2015-01-18 18:37 - 00000000 ____D () C:\Users\chris\AppData\Roaming\DSDCS
2015-01-12 20:24 - 2015-01-12 20:24 - 17172123 _____ (DSDCS) C:\Users\chris\Downloads\DS4Windows(1.5.16).exe
2015-01-12 20:22 - 2015-01-12 20:22 - 00041304 _____ () C:\Users\chris\Downloads\Need_for_Speed_-_Underground_2_-_RELOADED.torrent
2015-01-12 18:31 - 2015-01-12 18:32 - 09817890 _____ () C:\Users\chris\Downloads\jeepwranglerrubicon.zip
2015-01-07 18:30 - 2015-01-07 18:30 - 00000110 _____ () C:\Users\chris\.dir
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serviio
2015-01-07 18:24 - 2015-01-07 18:25 - 28313048 _____ () C:\Users\chris\Downloads\serviio-1.4.1.2-win-setup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 20:27 - 2014-01-23 20:48 - 10138888 _____ () C:\Windows\backend.log
2015-02-04 20:27 - 2011-11-21 22:08 - 00360448 _____ () C:\Windows\SysWOW64\freqdb.db
2015-02-04 20:22 - 2012-11-07 20:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 18:05 - 2009-07-13 23:45 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 18:05 - 2009-07-13 23:45 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 18:04 - 2009-07-14 00:13 - 00805382 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-04 18:01 - 2012-11-07 20:20 - 02011036 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 17:58 - 2014-12-17 18:42 - 00000000 ____D () C:\Users\chris\.VirtualBox
2015-02-04 17:58 - 2014-08-05 18:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-04 17:58 - 2014-03-18 18:56 - 00003022 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2015-02-04 17:58 - 2014-01-27 17:53 - 00437636 _____ () C:\Windows\PFRO.log
2015-02-04 17:58 - 2014-01-27 17:53 - 00064775 _____ () C:\Windows\setupact.log
2015-02-04 17:58 - 2013-12-11 21:17 - 00000189 _____ () C:\.dir
2015-02-04 17:58 - 2013-01-10 20:54 - 00000000 ____D () C:\ProgramData\VMware
2015-02-04 17:58 - 2012-12-31 01:49 - 00072160 _____ () C:\Windows\SysWOW64\mvaccelerator.log
2015-02-04 17:58 - 2012-12-03 19:03 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-04 17:58 - 2012-11-07 20:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 17:58 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 17:57 - 2012-12-02 12:48 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Origin
2015-02-04 17:41 - 2013-05-22 15:46 - 00119296 _____ () C:\Windows\SysWOW64\zlib.dll
2015-02-03 20:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-03 20:21 - 2013-12-04 21:45 - 00000000 ____D () C:\Steam
2015-02-03 18:20 - 2014-08-19 19:44 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-03 18:01 - 2014-08-19 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-03 18:01 - 2014-08-19 19:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-03 18:01 - 2013-02-04 21:04 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-03 00:28 - 2012-12-06 22:03 - 00000000 ____D () C:\Qoobox
2015-02-02 23:21 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-02 22:25 - 2012-11-08 15:52 - 00000000 ____D () C:\Windows\Minidump
2015-02-02 22:16 - 2012-11-07 20:47 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Spotify
2015-02-02 21:22 - 2014-12-21 18:34 - 00000000 ____D () C:\Program Files\Microsoft Xbox One Controller for Windows
2015-02-02 18:54 - 2012-11-07 20:46 - 00000000 ____D () C:\Users\chris\AppData\Roaming\uTorrent
2015-01-29 18:25 - 2013-01-13 22:00 - 00000000 ____D () C:\Users\chris\Documents\Virtual Machines
2015-01-29 17:37 - 2012-11-30 16:41 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-27 10:15 - 2013-02-04 21:15 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-27 09:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-26 21:27 - 2014-07-03 18:22 - 00000000 ____D () C:\Program Files (x86)\Space Run
2015-01-26 20:39 - 2014-03-25 16:57 - 00000000 ____D () C:\Users\chris\Downloads\guiminer
2015-01-26 20:23 - 2013-02-04 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-22 20:48 - 2012-11-20 20:08 - 00000000 ____D () C:\Users\chris\AppData\Local\Spotify
2015-01-22 20:42 - 2014-09-03 19:04 - 00000000 ____D () C:\Users\chris\Documents\Euro Truck Simulator 2
2015-01-22 16:56 - 2012-11-07 20:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-21 21:42 - 2012-11-28 20:00 - 00189480 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-01-21 21:42 - 2012-11-21 23:45 - 00189480 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-01-18 19:05 - 2012-11-07 20:44 - 00000000 ____D () C:\Users\chris\AppData\Local\CrashDumps
2015-01-18 02:09 - 2014-10-16 22:37 - 00000000 ____D () C:\adb
2015-01-13 19:44 - 2013-03-05 12:57 - 00000000 ____D () C:\Users\chris\Documents\America's Army 3
2015-01-13 18:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Vss
2015-01-12 20:27 - 2012-11-07 21:40 - 00797504 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-12 20:24 - 2012-11-07 20:24 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-01-12 20:20 - 2012-11-20 00:25 - 00000000 ____D () C:\Program Files (x86)\Everything
2015-01-08 09:55 - 2012-11-07 21:01 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 18:30 - 2012-11-07 20:20 - 00000000 ____D () C:\Users\chris
2015-01-07 18:24 - 2013-02-13 16:04 - 00000000 ____D () C:\ProgramData\boost_interprocess

==================== Files in the root of some directories =======

2013-04-18 13:48 - 2013-04-18 13:48 - 0000600 _____ () C:\Users\chris\AppData\Roaming\winscp.rnd
2013-05-18 18:03 - 2013-05-18 18:03 - 0000037 ___SH () C:\Users\chris\AppData\Local\70149b02515b3bb20dd492.47983420
2015-01-29 18:35 - 2012-12-12 12:50 - 0000323 _____ () C:\Users\chris\AppData\Local\CastleLinkProps.dat
2012-11-20 22:35 - 2013-09-15 21:40 - 1648640 _____ () C:\Users\chris\AppData\Local\file__0.localstorage
2013-09-10 14:33 - 2013-09-10 14:33 - 0000093 _____ () C:\Users\chris\AppData\Local\fusioncache.dat
2012-12-16 21:57 - 2013-02-22 00:09 - 0000600 _____ () C:\Users\chris\AppData\Local\PUTTY.RND
2012-11-07 20:26 - 2014-03-25 19:16 - 0007660 _____ () C:\Users\chris\AppData\Local\Resmon.ResmonCfg
2008-02-05 16:28 - 2008-02-05 16:28 - 0000051 _____ () C:\Users\chris\AppData\Local\setup.txt
2013-01-26 23:50 - 2014-04-24 17:26 - 0000080 _____ () C:\Users\chris\AppData\Local\X-Plane Installer.prf
2013-01-26 23:14 - 2013-01-29 21:15 - 0000052 _____ () C:\Users\chris\AppData\Local\x-plane_install_10.txt
2013-02-05 19:31 - 2013-02-18 10:56 - 0001808 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 00:59

==================== End Of Log ============================
C:\Qoobox\Quarantine\C\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\content.js.vir	JS/Chromex.Agent.L trojan	
C:\Qoobox\Quarantine\C\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\lsdb.js.vir	JS/Chromex.Agent.M trojan	
C:\Qoobox\Quarantine\C\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\R4q8_c0.js.vir	JS/Kryptik.ATB trojan	
C:\Qoobox\Quarantine\C\Users\chris\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\content.js.vir	JS/Chromex.Agent.L trojan	
C:\Qoobox\Quarantine\C\Users\chris\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\lsdb.js.vir	JS/Chromex.Agent.M trojan	
C:\Qoobox\Quarantine\C\Users\chris\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\R4q8_c0.js.vir	JS/Kryptik.ATB trojan	
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\content.js.vir	JS/Chromex.Agent.L trojan	
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\lsdb.js.vir	JS/Chromex.Agent.M trojan	
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\R4q8_c0.js.vir	JS/Kryptik.ATB trojan	
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\content.js.vir	JS/Chromex.Agent.L trojan	
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\lsdb.js.vir	JS/Chromex.Agent.M trojan	
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\R4q8_c0.js.vir	JS/Kryptik.ATB trojan	
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\content.js.vir	JS/Chromex.Agent.L trojan	
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\lsdb.js.vir	JS/Chromex.Agent.M trojan	
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\R4q8_c0.js.vir	JS/Kryptik.ATB trojan	
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\content.js.vir	JS/Chromex.Agent.L trojan	
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\lsdb.js.vir	JS/Chromex.Agent.M trojan	
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\R4q8_c0.js.vir	JS/Kryptik.ATB trojan	
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\content.js.vir	JS/Chromex.Agent.L trojan	
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\lsdb.js.vir	JS/Chromex.Agent.M trojan	
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\R4q8_c0.js.vir	JS/Kryptik.ATB trojan	
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\content.js.vir	JS/Chromex.Agent.L trojan	
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\lsdb.js.vir	JS/Chromex.Agent.M trojan	
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\R4q8_c0.js.vir	JS/Kryptik.ATB trojan	
C:\Users\All Users\InstallMate\{8AC7C0F5-437A-43B7-A15C-0B585124E203}\Custom.dll	Win32/InstalleRex.L potentially unwanted application	
C:\Users\All Users\InstallMate\{C97F7623-F86A-4C6E-AE85-B048129C54D5}\Custom.dll	Win32/InstalleRex.M potentially unwanted application	
C:\Users\All Users\InstallMate\{CF114E37-FB87-43E4-A10F-B3A514F26CC1}\_Setupx.dll	a variant of Win32/InstalleRex.U potentially unwanted application	
C:\Users\All Users\InstallMate\{F3E83252-19A4-4B0D-A9E6-5186280B10A4}\Custom.dll	Win32/InstalleRex.M potentially unwanted application	
C:\Users\chris\Downloads\cbsidlm-cbsi145-Vista_Visual_Master-ORG-10810026.exe	a variant of Win32/CNETInstaller.B potentially unwanted application	
C:\Users\chris\Downloads\cbsidlm-tr1_12-Ultima_Online_Mondains_Legacy_client-ORG-10432237.exe	Win32/DownloadAdmin.G potentially unwanted application	
C:\Users\chris\Downloads\setup Project64 2.0.exe	Win32/Adware.Lollipop.D application	
C:\Users\chris\Downloads\The_Sims_3_All_Expansions_+_Stuff_Packs_secure (1).exe	Win32/TopMedia.B potentially unwanted application	
C:\Users\chris\Downloads\The_Sims_3_All_Expansions_+_Stuff_Packs_secure.exe	Win32/TopMedia.B potentially unwanted application	
C:\Users\chris\Downloads\TorchSetup.exe	a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application	
C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe	VBS/Kryptik.DC trojan	
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe	VBS/Kryptik.DC trojan	
I:\Program Files (x86)\Ss.Helper\uninstall.exe	a variant of Win32/SProtector.B potentially unwanted application	
I:\Program Files (x86)\ZoomEx\uninstall.exe	a variant of Win32/SProtector.B potentially unwanted application	
I:\ProgramData\InstallMate\ZoomEx\_Setupx.dll	a variant of Win32/InstalleRex.U potentially unwanted application	
I:\ProgramData\InstallMate\{450CCAEB-53FF-01E2-E309-1BDD9EEFE81D}\_Setupx.dll	Win32/InstalleRex.T potentially unwanted application	
I:\ProgramData\InstallMate\{8AC7C0F5-437A-43B7-A15C-0B585124E203}\Custom.dll	Win32/InstalleRex.L potentially unwanted application	
I:\ProgramData\InstallMate\{CF114E37-FB87-43E4-A10F-B3A514F26CC1}\_Setupx.dll	a variant of Win32/InstalleRex.U potentially unwanted application	
I:\ProgramData\Zoomex\settings.ini	Win32/Adware.MultiPlug.F application	
I:\Users\All Users\InstallMate\{8AC7C0F5-437A-43B7-A15C-0B585124E203}\Custom.dll	Win32/InstalleRex.L potentially unwanted application	
I:\Users\All Users\InstallMate\{C97F7623-F86A-4C6E-AE85-B048129C54D5}\Custom.dll	Win32/InstalleRex.M potentially unwanted application	
I:\Users\All Users\InstallMate\{CF114E37-FB87-43E4-A10F-B3A514F26CC1}\_Setupx.dll	a variant of Win32/InstalleRex.U potentially unwanted application	
I:\Users\All Users\InstallMate\{F3E83252-19A4-4B0D-A9E6-5186280B10A4}\Custom.dll	Win32/InstalleRex.M potentially unwanted application	
I:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\plugins\ConduitChromeApiPlugin.dll	a variant of Win32/Toolbar.Conduit.AH potentially unwanted application	
I:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.20.3.520_0\plugins\ConduitChromeApiPlugin.dll	a variant of Win32/Toolbar.Conduit.AH potentially unwanted application	
I:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.21.1.507_0\plugins\ConduitChromeApiPlugin.dll	a variant of Win32/Toolbar.Conduit.AH potentially unwanted application	
I:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.26.4.512_0\nativeMessaging\TBMessagingHost.exe	a variant of Win32/Toolbar.Conduit.AH potentially unwanted application	
I:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.31.4.510_0\APISupport\APISupport.dll	a variant of Win32/Conduit.SearchProtect.P potentially unwanted application	
I:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe	a variant of Win32/Toolbar.Conduit.AH potentially unwanted application	
I:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.31.4.510_0\plugins\ChromeApiPlugin.dll	a variant of Win32/Conduit.SearchProtect.N potentially unwanted application	
I:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\3hfw7vp5.default\extensions\staged\taplqqkae@mm-x.edu\content\bg.js	Win32/Adware.MultiPlug.H application	
I:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\3hfw7vp5.default\extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\Plugins\npConduitFirefoxPlugin.dll	a variant of Win32/Conduit.SearchProtect.N potentially unwanted application	
I:\Users\chris\Downloads\cbsidlm-tr1_12-Ultima_Online_Mondains_Legacy_client-ORG-10432237.exe	Win32/DownloadAdmin.G potentially unwanted application	
I:\Users\chris\Downloads\setup Project64 2.0.exe	Win32/Adware.Lollipop.D application	
I:\Users\chris\Downloads\The_Sims_3_All_Expansions_+_Stuff_Packs_secure (1).exe	Win32/TopMedia.B potentially unwanted application	
I:\Users\chris\Downloads\The_Sims_3_All_Expansions_+_Stuff_Packs_secure.exe	Win32/TopMedia.B potentially unwanted application	
I:\Users\chris\Downloads\TorchSetup.exe	a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application	
K:\downloads\3DMGAME-Pixel.Piracy.v.0.7.0.Cracked-3DM\Pixel Piracy\steam_api.dll	a variant of Win32/Packed.VMProtect.ABD trojan	
K:\downloads\3DMGAME-Pixel.Piracy.v.1.0.4.Cracked-3DM\3DMGAME-Pixel.Piracy.v.1.0.4.Cracked-3DM\Pixel Piracy\steam_api.dll	a variant of Win32/Packed.VMProtect.ABD trojan	
K:\downloads\3DMGAME-Planet.Explorers.Steam.Edition.v0.762.Cracked-3DM\3DMGAME-Planet.Explorers.Steam.Edition.v0.762.Cracked-3DM.part1\Planet Explorers\steam_api.dll	a variant of Win32/Packed.VMProtect.ABD trojan	
K:\downloads\3DMGAME-The.Forest.Public.Alpha.v0.03.Build.20140701.Cracked-3DM\3DMGAME-The.Forest.Public.Alpha.v0.03.Build.20140701.Cracked-3DM\The Forest\steam_api.dll	a variant of Win32/Packed.VMProtect.ABD trojan	
L:\11-8-2012 C back\ProgramData\DownloadnSave\background.html	Win32/Adware.MultiPlug.H application	
L:\11-8-2012 C back\ProgramData\InstallMate\{62C9D0E5-7E16-033B-E1D0-3634B92AF213}\_Setupx.dll	a variant of Win32/InstalleRex.U potentially unwanted application	
L:\11-8-2012 C back\ProgramData\InstallMate\{D76F0710-63B6-FCEB-1E00-2B940C8C25E6}\_Setupx.dll	a variant of Win32/InstalleRex.U potentially unwanted application	
L:\11-8-2012 C back\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnajjaddnfadciemihlpgonfpnapkfbo\1.0_0\bg.js	Win32/Adware.MultiPlug.H application	
L:\Amy\Pictures\MaxEN_LimeWireWin_5.5.8.exe	a variant of Win32/Toolbar.Conduit.B potentially unwanted application	
L:\Amy\Pictures\Downloads\MovieBario_FM.exe	a variant of Win32/SweetIM.A potentially unwanted application	
L:\Amy\Pictures\Downloads\MusicManager.exe	Win32/Toolbar.Zugo potentially unwanted application	
L:\Chris\Downloads\Downloader.exe	a variant of Win32/InstallCore.Q potentially unwanted application	
L:\server\Users\Administrator\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll	a variant of Win32/PriceGong.A potentially unwanted application	

As of last reboot the svchost file did not reappear. The FRST fixlist seems to have worked pretty well, thank you. It does seem that ESET found a lot of items. I shall wait for your advice on how to proceed.
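
An added example, not part of the original thread, for reading an ESET log like the one in the post above: it parses the tab-separated path/detection rows, sets aside hits inside ComboFix's `C:\Qoobox\Quarantine` folder, and separates trojans still on disk from PUA/adware installers. The function and bucket names are assumptions; the sample rows are copied from the log.

```python
import re
from collections import Counter, defaultdict

# Rows copied from the ESET log in the post above, as (path, detection) pairs.
SAMPLE_ROWS = [
    (r"C:\Qoobox\Quarantine\C\Users\chris\AppData\Local\Comodo\Dragon\User Data"
     r"\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\120\content.js.vir",
     "JS/Chromex.Agent.L trojan"),
    (r"C:\Users\chris\Downloads\TorchSetup.exe",
     "a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application"),
    (r"C:\Users\chris\Downloads\setup Project64 2.0.exe",
     "Win32/Adware.Lollipop.D application"),
    (r"C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe",
     "VBS/Kryptik.DC trojan"),
    (r"K:\downloads\3DMGAME-Pixel.Piracy.v.0.7.0.Cracked-3DM\Pixel Piracy\steam_api.dll",
     "a variant of Win32/Packed.VMProtect.ABD trojan"),
    (r"L:\Amy\Pictures\Downloads\MusicManager.exe",
     "Win32/Toolbar.Zugo potentially unwanted application"),
]
# The scanner log separates the columns with tabs and ends each row with one.
SAMPLE_LOG = "\n".join(f"{path}\t{det}\t" for path, det in SAMPLE_ROWS)

DETECTION_RE = re.compile(r"^(?:a variant of )?(?P<name>\S+)\s+(?P<category>.+)$")
VARIANT_RE = re.compile(r"\.[A-Z]{1,3}$")  # trailing variant letters such as ".ATB"


def parse_line(line):
    """Parse one 'path<TAB>detection' row; return None for any other line."""
    fields = [f.strip() for f in line.split("\t")]
    if len(fields) < 2 or not fields[0] or not fields[1]:
        return None
    m = DETECTION_RE.match(fields[1])
    if m is None:
        return None
    return {
        "path": fields[0],
        "name": m["name"],
        "family": VARIANT_RE.sub("", m["name"]),
        "category": m["category"],
        # ComboFix keeps what it removed under C:\Qoobox\Quarantine with a
        # .vir suffix, so hits there are stored copies, not files in use.
        "quarantined": "\\qoobox\\quarantine\\" in fields[0].lower(),
    }


def bucket(entry):
    """Order of concern: live trojan > PUA/adware > already quarantined."""
    if entry["quarantined"]:
        return "quarantined"
    return "live-trojan" if entry["category"] == "trojan" else "pua-or-adware"


def triage(log_text):
    """Group parsed rows by bucket and count detections per family."""
    buckets, families = defaultdict(list), Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        buckets[bucket(entry)].append(entry)
        families[entry["family"]] += 1
    return dict(buckets), families


if __name__ == "__main__":
    buckets, families = triage(SAMPLE_LOG)
    for name in ("live-trojan", "pua-or-adware", "quarantined"):
        for e in buckets.get(name, []):
            print(f"{name:14} {e['family']:28} {e['path']}")
```
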



#6 Machiavelli

Posted 05 February 2015 - 11:22 AM

Hello,
in my opinion your PC is clean. :) My help is of course completely free of charge, but if you would like to donate some money to me so that I can buy some beer, then click on the PayPal button. I'd really appreciate it, my friend. :)


We need to remove the tools we've used while cleaning your machine.
  • Download Delfix from here and run it (if you have Windows Vista / Windows 7 / Windows 8, please right-click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#7 jetracer

Posted 05 February 2015 - 05:29 PM

# DelFix v10.8 - Logfile created 05/02/2015 at 17:26:37
# Updated 29/07/2014 by Xplode
# Username : chris - CHRIS-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\chris\Desktop\FRST-OlderVersion
Deleted : C:\ComboFix.txt
Deleted : C:\Users\chris\Desktop\dds.txt
Deleted : C:\Users\chris\Desktop\JRT.exe
Deleted : C:\Users\chris\Downloads\AdwCleaner (1).exe
Deleted : C:\Users\chris\Downloads\AdwCleaner.exe
Deleted : C:\Users\chris\Downloads\ComboFix.exe
Deleted : C:\Users\chris\Downloads\dds.scr
Deleted : C:\Users\chris\Downloads\FRST64 (1).exe
Deleted : C:\Users\chris\Downloads\FRST64.exe
Deleted : C:\Users\chris\Downloads\JRT (1).exe
Deleted : C:\Users\chris\Downloads\JRT.exe
Deleted : C:\Users\chris\Downloads\JavaRa-2.1.zip
Deleted : C:\Users\chris\Downloads\JavaRa-2.3.zip
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...


New restore point created !

########## - EOF - ##########

Thank you. I will definitely send you some beer money! Not sure about the exchange rate of USD but anything is better than nothing. Have a good day and thank you again for your help.

-Chris 



#8 Machiavelli

Posted 06 February 2015 - 08:27 AM

Many thanks for the donation! :)

Any further questions before I close this topic as solved?

~Machiavelli



#9 Machiavelli

Posted 10 February 2015 - 02:54 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Machiavelli





