
Help removing the Zeroaccess Rootkit


  • This topic is locked
16 replies to this topic

#1 dayvolt


Posted 09 February 2015 - 06:18 PM

I was told on another forum posting that I had the Zeroaccess Rootkit. I have created the logs with FRST. Please help me remove this.



#2 dayvolt


Posted 09 February 2015 - 06:20 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Dayvolt (administrator) on DAYVOLT-PC on 09-02-2015 18:15:33
Running from C:\Users\Dayvolt\Desktop
Loaded Profiles: Dayvolt (Available profiles: Dayvolt)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Program Files (x86)\NaosZbrags\NaosZbragsHelper.exe
() C:\Program Files (x86)\NaosZbrags\NaosZbragsHelper.exe
() C:\Program Files (x86)\NaosZbrags\NaosZbragsHelper.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-15] (PC Tools)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1940160 2014-11-11] (Valve Corporation)
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Run: [DW6] => [X]
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [4527424 2011-08-17] (DT Soft Ltd)
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-02-05] (Google Inc.)
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\MountPoints2: I - I:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\MountPoints2: {0f29af78-2e40-11e1-8a30-b8ac6fda041e} - I:\autorun.exe
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\MountPoints2: {0fd38961-afff-11e4-9b2b-b8ac6fda041e} - I:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\MountPoints2: {d4314fea-3096-11e0-bb60-806e6f6e6963} - D:\Installer.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
ShortcutTarget: WD Quick View.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-695169538-937006988-3035725271-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-695169538-937006988-3035725271-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-695169538-937006988-3035725271-1000 -> {46F162CB-0C4F-499A-BAE5-DACDC8380949} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-695169538-937006988-3035725271-1000 -> {AA3E8C04-194E-409D-9F82-E7CC1ABFFA86} URL = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-695169538-937006988-3035725271-1000 -> {ED0D3BCB-7E5D-4F14-9761-D1D9369B72A9} URL = http://websearch.ask.com/redirect?client=ie&tb=EPC&o=2484&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^A49&apn_dtid=^YYYYYY^YY^US&apn_uid=0de07905-c613-4e95-b0da-f03a798b3f05&apn_sauid=B02DC132-A9A8-4D49-AD8E-43EB14A41F40
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-695169538-937006988-3035725271-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog9 01 C:\Windows\SysWOW64\ProtectMe.dll [304728] (ProtectMe)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ProtectMe.dll [304728] (ProtectMe)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ProtectMe.dll [304728] (ProtectMe)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ProtectMe.dll [304728] (ProtectMe)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ProtectMe.dll [304728] (ProtectMe)
Winsock: Catalog9-x64 01 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Winsock: Catalog9-x64 02 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Winsock: Catalog9-x64 03 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Winsock: Catalog9-x64 04 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Winsock: Catalog9-x64 15 C:\Windows\system32\ProtectMe64.dll [350768] (ProtectMe)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default
FF SelectedSearchEngine: Groovorio
FF SearchEngineOrder.1: WebSearch
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searc-hall.info/?pid=3780&r=2014/10/22&hid=15106062608480926165&lg=EN&cc=US&unqvl=65&l=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\user.js
FF Extension: EpicPlay Games - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com [2011-12-16]
FF Extension: No Name - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\Extensions\nogroovesharkads@tobbi.tk [2014-11-15]
FF Extension: DiscountExtensi - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\Extensions\O@yG.edu [2014-11-15]
FF Extension: topbuyer - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\Extensions\U@td.net [2014-11-15]
FF Extension: 9e96e0c49bde49b7989fa4ca4bdc90bb - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\Extensions\{9e96e0c4-9bde-49b7-989f-a4ca4bdc90bb} [2014-11-15]
FF Extension: SQLlite Addon - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\Extensions\ihbocqgxcu@ihbocqgxcu.org.xpi [1681-04-11]
FF Extension: Quick Preference Button - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\Extensions\qprefbtn@max.max.xpi [2012-08-15]
FF Extension: Mozilla Framework Assistant - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\Extensions\{175c1520-df44-460c-84ce-e5f59dd1935f}.xpi [2013-02-23]
FF Extension: XHTML Mobile Profile - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\Extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}.xpi [2012-08-15]
FF HKLM\...\Firefox\Extensions: [{121C6AF3-6778-4360-AFDB-57BD4E3E4343}] - C:\Program Files\Playzy\Firefox
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-05]
FF HKLM-x32\...\Firefox\Extensions: [{121C6AF3-6778-4360-AFDB-57BD4E3E4343}] - C:\Program Files\Playzy\Firefox
FF HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\extensions\wrigtdamon@yahoo.com [Not Found]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Dayvolt\AppData\Local\Google\Chrome\User Data\Default
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2009-08-14] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-08-14] (Alcatel-Lucent) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
U2 NaosZbrags; C:\Program Files (x86)\NaosZbrags\NaosZbrags.exe [4377560 2014-11-03] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2011-01-28] (PC Tools)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [311296 2011-08-01] (WDC) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2011-12-24] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-02-09] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
S3 MFE_RR; \??\C:\Users\Dayvolt\AppData\Local\Temp\mfe_rr.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 18:15 - 2015-02-09 18:15 - 00023593 _____ () C:\Users\Dayvolt\Desktop\FRST.txt
2015-02-09 18:15 - 2015-02-09 18:06 - 02132992 ____N (Farbar) C:\Users\Dayvolt\Desktop\FRST64.exe
2015-02-09 18:06 - 2015-02-09 18:15 - 00000000 ____D () C:\FRST
2015-02-09 17:55 - 2015-02-09 18:04 - 00000357 _____ () C:\Users\Dayvolt\Desktop\Win32kDiag.txt
2015-02-09 17:55 - 2015-02-09 17:54 - 00047616 ____N () C:\Users\Dayvolt\Desktop\Win32kDiag.exe
2015-02-09 17:52 - 2015-02-09 17:39 - 05611380 ____R (Swearware) C:\Users\Dayvolt\Desktop\Combo-Fix.exe
2015-02-09 17:43 - 2015-02-09 17:40 - 05611380 ____R (Swearware) C:\Users\Dayvolt\Desktop\ComboFix (1).exe
2015-02-09 17:22 - 2015-02-09 17:32 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-09 17:22 - 2015-02-09 17:22 - 18570328 ____N () C:\Users\Dayvolt\Desktop\RogueKillerX64.exe
2015-02-09 17:22 - 2015-02-09 17:22 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-08 21:46 - 2015-02-09 18:00 - 00000000 ____D () C:\32788R22FWJFW
2015-02-08 21:41 - 2015-02-08 21:41 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-02-08 21:37 - 2015-02-08 21:37 - 00000000 ____D () C:\Temp
2015-02-08 21:27 - 2015-02-09 17:08 - 00000000 ____D () C:\Users\Dayvolt\AppData\Roaming\VERIZON
2015-02-08 21:27 - 2015-02-08 21:27 - 00000000 ____D () C:\Users\Public\Documents\Verizon2.0_Log
2015-02-08 20:59 - 2015-02-08 19:52 - 00000000 _____ () C:\Users\Dayvolt\Downloads\FRST.exe.ntimqz6 (1).partial
2015-02-08 20:59 - 2015-02-08 19:52 - 00000000 _____ () C:\Users\Dayvolt\Downloads\FRST.exe.ntimqz6 (1) (1).partial
2015-02-08 20:56 - 2015-02-08 20:56 - 00000000 ____D () C:\99f2087c77959d897d4a
2015-02-08 20:55 - 2015-02-08 19:52 - 00000000 _____ () C:\Users\Dayvolt\Desktop\FRST.exe.ntimqz6.partial
2015-02-08 20:54 - 2015-02-08 20:05 - 00000000 _____ () C:\Users\Dayvolt\Downloads\FRST.exe.ksvtx47.partial
2015-02-08 20:54 - 2015-02-08 20:05 - 00000000 _____ () C:\Users\Dayvolt\Downloads\FRST.exe.ksvtx47 (1).partial
2015-02-08 20:54 - 2015-02-08 20:05 - 00000000 _____ () C:\Users\Dayvolt\Downloads\FRST.exe.ksvtx47 (1) (1).partial
2015-02-08 20:53 - 2015-02-08 19:52 - 00000000 _____ () C:\Users\Dayvolt\Downloads\FRST.exe.ntimqz6.partial
2015-02-08 17:40 - 2015-02-08 17:40 - 00000000 ____D () C:\67d720e967b965f6cc3e9030273d18f8
2015-02-08 16:41 - 2015-02-08 21:14 - 00003572 _____ () C:\Users\Dayvolt\Desktop\Rkill.txt
2015-02-08 16:14 - 2015-02-08 16:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-08 16:13 - 2015-02-08 16:43 - 00000000 ____D () C:\Users\Dayvolt\Desktop\mbar
2015-02-08 10:20 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-08 10:20 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-08 10:20 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-08 10:20 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-08 10:20 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-08 10:20 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-08 10:20 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-08 10:20 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-08 10:20 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-08 10:20 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-07 14:36 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-07 14:36 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-07 14:36 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 18:05 - 2011-02-05 19:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-09 17:57 - 2012-07-01 16:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 17:47 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 17:47 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 17:44 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-09 17:43 - 2009-07-14 00:10 - 01158705 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 17:40 - 2011-02-05 19:57 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 17:40 - 2011-02-05 16:31 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-09 17:40 - 2009-07-13 23:51 - 00093496 _____ () C:\Windows\setupact.log
2015-02-09 17:39 - 2013-10-05 17:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-09 17:39 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 17:29 - 2012-01-10 21:47 - 00000000 __SHD () C:\Users\Dayvolt\AppData\Local\{932521b4-3568-72f6-af54-29cb2687119a}
2015-02-09 17:12 - 2012-09-08 21:20 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C5A7086F-7CFE-455B-B9B8-515B69E55093}
2015-02-09 17:07 - 2011-02-04 14:42 - 00681898 _____ () C:\Windows\PFRO.log
2015-02-08 19:00 - 2011-12-23 11:09 - 00000270 _____ () C:\Windows\Tasks\RMSchedule.job
2015-02-08 17:52 - 2013-08-04 06:53 - 530209649 _____ () C:\Windows\MEMORY.DMP
2015-02-08 16:55 - 2014-11-16 09:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 16:13 - 2014-11-16 09:51 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-07 16:17 - 2014-11-16 09:42 - 00000000 __SHD () C:\Program Files (x86)\NaosZbrags
2015-02-07 15:01 - 2013-08-14 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-07 14:52 - 2012-01-08 01:48 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-07 14:22 - 2012-12-09 19:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======

2014-11-16 09:09 - 2014-11-16 09:09 - 0022528 _____ () C:\Users\Dayvolt\AppData\Local\234063dsisetup2456852.exe
2012-01-06 15:36 - 2012-01-06 17:41 - 0012374 ___SH () C:\Users\Dayvolt\AppData\Local\db608pk816hwqf73752tm45531x53hd573x0xt3g6vp480
2014-10-31 07:09 - 2014-11-16 09:10 - 0000001 _____ () C:\Users\Dayvolt\AppData\Local\DSI.DAT
2012-01-06 15:36 - 2012-01-06 17:41 - 0012374 ___SH () C:\ProgramData\db608pk816hwqf73752tm45531x53hd573x0xt3g6vp480
2011-02-05 16:52 - 2011-02-05 16:55 - 0000824 _____ () C:\ProgramData\hpzinstall.log
2014-02-26 21:31 - 2014-02-26 21:32 - 0000458 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2011-12-24 20:45 - 2011-12-24 20:45 - 0005104 _____ () C:\ProgramData\qjaxlkio.dss
2013-12-03 21:19 - 2013-12-03 21:19 - 0000040 _____ () C:\ProgramData\ra3.ini

Files to move or delete:
====================
C:\ProgramData\qjaxlkio.dss


Some content of TEMP:
====================
C:\Users\Dayvolt\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Dayvolt\AppData\Local\Temp\{5CC8C60E-B1C5-40CB-8352-E0B5DF3E72EE}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


LastRegBack: 2015-02-07 17:25

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Dayvolt at 2015-02-09 18:15:58
Running from C:\Users\Dayvolt\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-6490CW (HKLM-x32\...\{20E970DF-A7B2-4345-9DEB-72213A29645E}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Caesar IV (HKLM-x32\...\{B7666229-351B-47D9-AA6F-DF777CF04BBF}) (Version: 1.2 - Tilted Mill Entertainment)
Caesar IV Demo (HKLM-x32\...\{56C3017A-6E09-4101-8B35-EAC40DA86A9E}) (Version: 0.17.56 - Tilted Mill Entertainment)
Civilization III Complete Edition (HKLM-x32\...\InstallShield_{2157961D-0507-44A8-BCF2-1EE2D439E8DF}) (Version: 1.00.0000 - 2K Games)
Civilization III Complete Edition (x32 Version: 1.00.0000 - 2K Games) Hidden
Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{82696435-8572-4D8B-A230-D1AA567D0F0F}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{BA4C8F9F-D81B-4AFE-AE5A-3837830F5B89}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert, Counterstrike and The Aftermath (HKLM-x32\...\{25456D58-2414-4CC4-AA1B-CF3A2BE00A79}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert™ 3 and Uprising (HKLM-x32\...\{3C315BF7-4B64-4024-8102-174A197437FA}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Renegade (HKLM-x32\...\{97B5E8B9-D5E6-49C4-8CDA-7E096BE2601A}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™ Tiberian Sun™ and Firestorm™ (HKLM-x32\...\{517FAF1E-3045-49DE-8079-107C2851389E}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
ConverterLite 0.1 (HKLM-x32\...\ConverterLite) (Version: 0.1 - Amnis Technology Ltd)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 4.41.0315.0262 - DT Soft Ltd)
DebugMode Wax 2.0 (HKLM-x32\...\DebugMode Wax 2.0) (Version: - )
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
D-Fend Reloaded 1.3.1 (deinstall) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.3.1 - Alexander Herzog)
Diablo (HKLM-x32\...\Diablo) (Version: - )
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Diablo II (HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Diablo II) (Version: - )
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.8.16603 - Blizzard Entertainment)
DJ_AIO_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Driver Manager (HKLM-x32\...\{686695ED-BB3F-415D-B0DB-18CF535F7B50}) (Version: 7 - Driver Manager)
DriverTuner 3.1.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.1 - LionSea SoftWare)
Express Zip (HKLM-x32\...\ExpressZip) (Version: - NCH Software)
F4100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
F4100_Help (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg)
Freight Tycoon Inc. (HKLM-x32\...\Steam App 289340) (Version: - Nikita)
FrostWire 5.6.9 (HKLM-x32\...\FrostWire 5) (Version: 5.6.9.2 - FrostWire LLC)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Gametap Player (HKLM-x32\...\Gametap Player) (Version: - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{EB773820-0871-46A8-9B96-F2B04F8B34F0}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java™ 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
jZip (HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\jZip) (Version: 2.0.0.129577 - Bandoo Media Inc) <==== ATTENTION
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MixPad Audio Mixer (HKLM-x32\...\MixPad) (Version: - NCH Software)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Myst Masterpiece Edition (HKLM-x32\...\Myst Masterpiece Edition) (Version: - )
NVIDIA 3D Vision Controller Driver 331.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.58 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 331.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.58 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.58 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.13.2142 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
PhotoStage Slideshow Producer (HKLM-x32\...\PhotoStage) (Version: - NCH Software)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.10 - NCH Software)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5963 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Sid Meier's Civilization IV (HKLM-x32\...\Steam App 3900) (Version: - Firaxis Games)
Sid Meier's Civilization IV: Beyond the Sword (HKLM-x32\...\Steam App 8800) (Version: - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Sim City 2000 (HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Sim City 2000) (Version: - )
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
WD Link (HKLM-x32\...\WD Link) (Version: 1.00.03 - Western Digital)
WD SmartWare Drive Manager (HKLM\...\{BEC2EFB7-93E4-4F5F-B056-602ACEC2B759}) (Version: 1.5.0 - Western Digital)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.0.5.16135 - Blizzard Entertainment)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.1) (Version: 1.3.2 - Xvid Team)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version: - DOSBox Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

05-12-2014 22:21:29 Windows Update
08-12-2014 01:00:10 Windows Update
11-12-2014 22:21:41 Windows Update
15-12-2014 01:00:27 Windows Update
18-12-2014 01:48:40 Windows Update
22-12-2014 21:43:02 Windows Update
07-02-2015 14:25:02 Windows Update
07-02-2015 14:52:08 Windows Update
08-02-2015 17:38:40 Windows Update
08-02-2015 20:55:54 Windows Update
09-02-2015 01:00:16 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-02-07 14:33 - 00000675 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03600AE4-D74F-4935-B9F0-A2285AE6BE0C} - System32\Tasks\{F04EEA37-93CA-4E59-AFDB-7EBC5F6DA51C} => pcalua.exe -a C:\PROGRA~2\ATT-PR~1\UNWISE.EXE -c C:\PROGRA~2\ATT-PR~1\INSTALL.LOG
Task: {15561814-685B-4A58-9861-EC2625659FA6} - \FF Watcher {0B5B9AF2-9E37-4536-998B-94608139B9FD} No Task File <==== ATTENTION
Task: {1C644779-1545-4C6A-A9E7-9A5427551499} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {1C83534F-C32D-4E83-B7D5-F41C992F05BB} - \NewPlayer Update No Task File <==== ATTENTION
Task: {1DF9FF2D-0F3B-45F2-BE6B-9AB6BB152744} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {262E4B9D-A10E-4319-80CC-8C1B9B24EBA2} - System32\Tasks\DriverTuner Startup => C:\Program Files (x86)\DriverTuner\DriverTuner.exe
Task: {2812C97A-94ED-4B7C-9C67-4D6FD820079C} - \bench-S-1-5-21-695169538-937006988-3035725271-1000 No Task File <==== ATTENTION
Task: {2E2D482F-02FA-4451-B37C-A9D48109BFF7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {2FAE86E7-97EF-458D-9342-EFD3F1A9AFE1} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {302D3923-5B4E-4824-8510-D4DAB84DB9B6} - System32\Tasks\CIMT_S-1-5-21-695169538-937006988-3035725271-1000 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {472FB2A8-91D3-4206-AA9C-AB2831611013} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {505E23B5-30FC-423C-9C9B-F2AF61B1C7A0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5155A626-122E-48BF-8F1F-CE12FD332E23} - \c2d1b618-974b-4899-8b5e-7e965b8f5d64-2 No Task File <==== ATTENTION
Task: {56252003-1BB7-4758-8600-B3D1FCDD4BB9} - System32\Tasks\RMSmartUpdate => C:\Program Files (x86)\Registry Mechanic\update.exe
Task: {5C08AF88-DD26-4B63-B2A9-9D2E152B56B1} - \c2d1b618-974b-4899-8b5e-7e965b8f5d64-4 No Task File <==== ATTENTION
Task: {5E6CAF5B-A052-4F4E-ABC3-C3B6E9E1F0A5} - \c2d1b618-974b-4899-8b5e-7e965b8f5d64-7 No Task File <==== ATTENTION
Task: {645CAF1F-3052-47A5-AC5A-7FF3F9096B3B} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe <==== ATTENTION
Task: {6571CDC0-222B-4A06-B053-87A1B33733AA} - System32\Tasks\{A63897F6-3B98-4C56-A000-8308384BB1C2} => C:\Users\Dayvolt\Downloads\DOS Games\Chips Challenge\CHIPS.EXE [1992-09-06] ()
Task: {664D1DA5-5A6A-4408-8242-9F72751528B9} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {7759547F-B93D-4A05-A5F6-1CA38D64C9A2} - \c2d1b618-974b-4899-8b5e-7e965b8f5d64-5 No Task File <==== ATTENTION
Task: {7F841C70-D5E8-4ACC-B353-2F1252D7BD97} - \c2d1b618-974b-4899-8b5e-7e965b8f5d64-11 No Task File <==== ATTENTION
Task: {80B4ED96-98B7-44B4-AADE-6F3572238CD2} - System32\Tasks\{2ACAAE7C-7993-4420-95AB-59285D1F6B81} => C:\Users\Dayvolt\Downloads\DOS Games\Chips Challenge\CHIPS.EXE [1992-09-06] ()
Task: {836133E3-FB21-4D23-9E25-2A8DA8D196BE} - \c2d1b618-974b-4899-8b5e-7e965b8f5d64-6 No Task File <==== ATTENTION
Task: {8F8D1F91-7C63-4A03-B37C-594B1068627F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {95B3ED40-7A12-475A-8578-CF4B4314BEB6} - \RunAsStdUser Task No Task File <==== ATTENTION
Task: {A32850F2-C528-443A-B24A-32BCB20A69C3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C19E7B99-BB4D-4E84-A059-66CD27FD5BA3} - \ConsumerInputUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {C31D6D57-D8B0-423F-A9C0-E0DA40CEE714} - System32\Tasks\RMSchedule => C:\Program Files (x86)\Registry Mechanic\RegMech.exe
Task: {CBE63794-7058-4BFD-AFDC-BABD38006D8C} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {CD61527B-A066-46A5-9409-74A35F64F248} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {D50FC294-75A1-46F3-8013-2C2D71367172} - \c2d1b618-974b-4899-8b5e-7e965b8f5d64-1 No Task File <==== ATTENTION
Task: {D525B670-5E16-419E-A6CD-3858334FE82A} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {D573A0B5-66B5-4147-BEFF-0B2C9FED2204} - System32\Tasks\{84220281-CB5F-401A-8B5F-035C25D50EE2} => C:\Users\Dayvolt\Downloads\DOS Games\Chips Challenge\CHIPS.EXE [1992-09-06] ()
Task: {D8226855-EA25-4003-B531-6C8A18E00DB3} - \bench-sys No Task File <==== ATTENTION
Task: {D88BD4D7-1A0A-4C12-B013-714A2AFC2007} - \c2d1b618-974b-4899-8b5e-7e965b8f5d64-5_user No Task File <==== ATTENTION
Task: {DC9DAB75-B203-4712-87CC-B78AF7AD5343} - \c2d1b618-974b-4899-8b5e-7e965b8f5d64-3 No Task File <==== ATTENTION
Task: {DFA8EC7B-9F11-4FAB-9323-8247F0B3747D} - \Groovorio No Task File <==== ATTENTION
Task: {E156234C-C5AA-47D3-BE48-D75E174F50E4} - \ConsumerInputUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {E3B6D173-4667-4998-BE7D-057116C43384} - \SW-Booster-S-792098896 No Task File <==== ATTENTION
Task: {F528C0F1-9D7C-4F11-8414-2C457AE76CA9} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\Registry Mechanic\RegMech.exe

==================== Loaded Modules (whitelisted) ==============

2013-10-05 17:01 - 2013-10-15 16:47 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-09-03 15:44 - 2012-09-03 15:44 - 00088064 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2015-02-07 16:17 - 2015-02-07 16:17 - 00160728 ____R () C:\Program Files (x86)\NaosZbrags\NaosZbragsHelper.exe
2014-09-01 20:41 - 2014-11-11 13:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-01 20:41 - 2014-11-11 13:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-01 20:41 - 2014-11-11 13:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-04-15 17:24 - 2014-11-11 13:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 18:58 - 2014-11-11 20:04 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-01 20:41 - 2014-11-11 13:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-01 20:41 - 2014-11-11 13:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2011-12-15 17:27 - 2014-11-11 20:04 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-06-24 22:10 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-02-05 17:01 - 2014-11-11 13:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2011-02-04 12:47 - 2010-03-03 21:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\57172027.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\57172027.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProtectMe => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-695169538-937006988-3035725271-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dayvolt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-695169538-937006988-3035725271-500 - Administrator - Disabled)
Dayvolt (S-1-5-21-695169538-937006988-3035725271-1000 - Administrator - Enabled) => C:\Users\Dayvolt
Guest (S-1-5-21-695169538-937006988-3035725271-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-695169538-937006988-3035725271-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2015 06:16:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.3.8.0, time stamp: 0x52862eb0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00fcc4d0
Faulting process id: 0x1960
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (02/09/2015 06:16:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NaosZbrags.exe, version: 0.0.0.0, time stamp: 0x35246174
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x009fc4d0
Faulting process id: 0x44c
Faulting application start time: 0xNaosZbrags.exe0
Faulting application path: NaosZbrags.exe1
Faulting module path: NaosZbrags.exe2
Report Id: NaosZbrags.exe3

Error: (02/09/2015 06:16:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.3.8.0, time stamp: 0x52862eb0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x019bc4d0
Faulting process id: 0x850
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (02/09/2015 06:15:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NaosZbrags.exe, version: 0.0.0.0, time stamp: 0x35246174
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02dfc4d0
Faulting process id: 0x904
Faulting application start time: 0xNaosZbrags.exe0
Faulting application path: NaosZbrags.exe1
Faulting module path: NaosZbrags.exe2
Report Id: NaosZbrags.exe3

Error: (02/09/2015 06:15:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.3.8.0, time stamp: 0x52862eb0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x01dbc4d0
Faulting process id: 0x102c
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (02/09/2015 06:15:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NaosZbrags.exe, version: 0.0.0.0, time stamp: 0x35246174
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0230c4d0
Faulting process id: 0x16e8
Faulting application start time: 0xNaosZbrags.exe0
Faulting application path: NaosZbrags.exe1
Faulting module path: NaosZbrags.exe2
Report Id: NaosZbrags.exe3

Error: (02/09/2015 06:15:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.3.8.0, time stamp: 0x52862eb0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x01d6c4d0
Faulting process id: 0x1278
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (02/09/2015 06:15:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.3.8.0, time stamp: 0x52862eb0
Faulting module name: MotoHelperService.exe, version: 2.3.8.0, time stamp: 0x52862eb0
Exception code: 0xc0000005
Fault offset: 0x000055d5
Faulting process id: 0x18d0
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (02/09/2015 06:15:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NaosZbrags.exe, version: 0.0.0.0, time stamp: 0x35246174
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0088c4d0
Faulting process id: 0x1204
Faulting application start time: 0xNaosZbrags.exe0
Faulting application path: NaosZbrags.exe1
Faulting module path: NaosZbrags.exe2
Report Id: NaosZbrags.exe3

Error: (02/09/2015 06:15:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NaosZbragsHelper.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0207c4d0
Faulting process id: 0x1924
Faulting application start time: 0xNaosZbragsHelper.exe0
Faulting application path: NaosZbragsHelper.exe1
Faulting module path: NaosZbragsHelper.exe2
Report Id: NaosZbragsHelper.exe3


System errors:
=============
Error: (02/09/2015 06:16:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/09/2015 06:15:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NaosZbrags service terminated unexpectedly. It has done this 229 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.

Error: (02/09/2015 06:15:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/09/2015 06:15:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NaosZbrags service terminated unexpectedly. It has done this 228 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.

Error: (02/09/2015 06:15:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/09/2015 06:15:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/09/2015 06:15:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NaosZbrags service terminated unexpectedly. It has done this 227 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.

Error: (02/09/2015 06:15:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/09/2015 06:15:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NaosZbrags service terminated unexpectedly. It has done this 226 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.

Error: (02/09/2015 06:15:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 51%
Total physical RAM: 4094.98 MB
Available physical RAM: 1973.25 MB
Total Pagefile: 8188.15 MB
Available Pagefile: 6211.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.65 GB) (Free:126.34 GB) NTFS
Drive f: () (Removable) (Total:14.9 GB) (Free:14.87 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

#3 Rootk

  • Malware Response Team
  • 234 posts
  • Gender:Male
  • Location:Easter Island, Chile.

Posted 11 February 2015 - 09:59 AM

Hi. I'm checking your log now and will reply with instructions soon.

#4 Rootk

  • Malware Response Team
  • 234 posts
  • Gender:Male
  • Location:Easter Island, Chile.

Posted 11 February 2015 - 05:03 PM

Please follow these steps:

1.- Open Notepad. Please copy the contents of the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window.
Save it to your Desktop as fixlist.txt.
 
CloseProcesses:
C:\Program Files (x86)\Common Files\Intuit\
C:\Program Files (x86)\NaosZbrags\
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Run: [DW6] => [X]
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-15] (PC Tools)
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
C:\Program Files (x86)\Super Optimizer\
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\MountPoints2: I - I:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\MountPoints2: {0f29af78-2e40-11e1-8a30-b8ac6fda041e} - I:\autorun.exe
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\MountPoints2: {0fd38961-afff-11e4-9b2b-b8ac6fda041e} - I:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\MountPoints2: {d4314fea-3096-11e0-bb60-806e6f6e6963} - D:\Installer.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-695169538-937006988-3035725271-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-695169538-937006988-3035725271-1000 -> {ED0D3BCB-7E5D-4F14-9761-D1D9369B72A9} URL = http://websearch.ask.com/redirect?client=ie&tb=EPC&o=2484&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^A49&apn_dtid=^YYYYYY^YY^US&apn_uid=0de07905-c613-4e95-b0da-f03a798b3f05&apn_sauid=B02DC132-A9A8-4D49-AD8E-43EB14A41F40
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF SelectedSearchEngine: Groovorio
FF SearchEngineOrder.1: WebSearch
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searc-hall.info/?pid=3780&r=2014/10/22&hid=15106062608480926165&lg=EN&cc=US&unqvl=65&l=1&q=
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF user.js: detected! => C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\user.js
FF Extension: DiscountExtensi - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\Extensions\O@yG.edu [2014-11-15]
FF Extension: topbuyer - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\Extensions\U@td.net [2014-11-15]
FF Extension: 9e96e0c49bde49b7989fa4ca4bdc90bb - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\Extensions\{9e96e0c4-9bde-49b7-989f-a4ca4bdc90bb} [2014-11-15]
FF Extension: No Name - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\extensions\wrigtdamon@yahoo.com [Not Found]
StartMenuInternet: FIREFOX.EXE - firefox.exe
StartMenuInternet: Google Chrome - chrome.exe
U2 NaosZbrags; C:\Program Files (x86)\NaosZbrags\NaosZbrags.exe [4377560 2014-11-03] ()
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2011-01-28] (PC Tools)
S3 MFE_RR; \??\C:\Users\Dayvolt\AppData\Local\Temp\mfe_rr.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
2015-02-09 17:29 - 2012-01-10 21:47 - 00000000 __SHD () C:\Users\Dayvolt\AppData\Local\{932521b4-3568-72f6-af54-29cb2687119a}
2014-11-16 09:09 - 2014-11-16 09:09 - 0022528 _____ () C:\Users\Dayvolt\AppData\Local\234063dsisetup2456852.exe
2012-01-06 15:36 - 2012-01-06 17:41 - 0012374 ___SH () C:\Users\Dayvolt\AppData\Local\db608pk816hwqf73752tm45531x53hd573x0xt3g6vp480
2012-01-06 15:36 - 2012-01-06 17:41 - 0012374 ___SH () C:\ProgramData\db608pk816hwqf73752tm45531x53hd573x0xt3g6vp480
2011-12-24 20:45 - 2011-12-24 20:45 - 0005104 _____ () C:\ProgramData\qjaxlkio.dss
C:\Users\Dayvolt\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Dayvolt\AppData\Local\Temp\{5CC8C60E-B1C5-40CB-8352-E0B5DF3E72EE}.exe
Task: {03600AE4-D74F-4935-B9F0-A2285AE6BE0C} - System32\Tasks\{F04EEA37-93CA-4E59-AFDB-7EBC5F6DA51C} => pcalua.exe -a C:\PROGRA~2\ATT-PR~1\UNWISE.EXE -c C:\PROGRA~2\ATT-PR~1\INSTALL.LOG
Task: {15561814-685B-4A58-9861-EC2625659FA6} - \FF Watcher {0B5B9AF2-9E37-4536-998B-94608139B9FD} No Task File <==== ATTENTION
Task: {1C83534F-C32D-4E83-B7D5-F41C992F05BB} - \NewPlayer Update No Task File <==== ATTENTION
Task: {262E4B9D-A10E-4319-80CC-8C1B9B24EBA2} - System32\Tasks\DriverTuner Startup => C:\Program Files (x86)\DriverTuner\DriverTuner.exe
Task: {2812C97A-94ED-4B7C-9C67-4D6FD820079C} - \bench-S-1-5-21-695169538-937006988-3035725271-1000 No Task File <==== ATTENTION
Task: {302D3923-5B4E-4824-8510-D4DAB84DB9B6} - System32\Tasks\CIMT_S-1-5-21-695169538-937006988-3035725271-1000 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
C:\Program Files (x86)\Consumer Input\Monitoring
Task: {472FB2A8-91D3-4206-AA9C-AB2831611013} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {5155A626-122E-48BF-8F1F-CE12FD332E23} - \c2d1b618-974b-4899-8b5e-7e965b8f5d64-2 No Task File <==== ATTENTION
Task: {56252003-1BB7-4758-8600-B3D1FCDD4BB9} - System32\Tasks\RMSmartUpdate => C:\Program Files (x86)\Registry Mechanic\update.exe
Task: {5C08AF88-DD26-4B63-B2A9-9D2E152B56B1} - \c2d1b618-974b-4899-8b5e-7e965b8f5d64-4 No Task File <==== ATTENTION
Task: {5E6CAF5B-A052-4F4E-ABC3-C3B6E9E1F0A5} - \c2d1b618-974b-4899-8b5e-7e965b8f5d64-7 No Task File <==== ATTENTION 
Task: {645CAF1F-3052-47A5-AC5A-7FF3F9096B3B} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe <==== ATTENTION
C:\Program Files (x86)\Super Optimizer
Task: {6571CDC0-222B-4A06-B053-87A1B33733AA} - System32\Tasks\{A63897F6-3B98-4C56-A000-8308384BB1C2} => C:\Users\Dayvolt\Downloads\DOS Games\Chips Challenge\CHIPS.EXE [1992-09-06] ()
Task: {664D1DA5-5A6A-4408-8242-9F72751528B9} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {7759547F-B93D-4A05-A5F6-1CA38D64C9A2} - \c2d1b618-974b-4899-8b5e-7e965b8f5d64-5 No Task File <==== ATTENTION
Task: {7F841C70-D5E8-4ACC-B353-2F1252D7BD97} - \c2d1b618-974b-4899-8b5e-7e965b8f5d64-11 No Task File <==== ATTENTION
Task: {80B4ED96-98B7-44B4-AADE-6F3572238CD2} - System32\Tasks\{2ACAAE7C-7993-4420-95AB-59285D1F6B81} => C:\Users\Dayvolt\Downloads\DOS Games\Chips Challenge\CHIPS.EXE [1992-09-06] ()
Task: {836133E3-FB21-4D23-9E25-2A8DA8D196BE} - \c2d1b618-974b-4899-8b5e-7e965b8f5d64-6 No Task File <==== ATTENTION
Task: {95B3ED40-7A12-475A-8578-CF4B4314BEB6} - \RunAsStdUser Task No Task File <==== ATTENTION
Task: {C19E7B99-BB4D-4E84-A059-66CD27FD5BA3} - \ConsumerInputUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {C31D6D57-D8B0-423F-A9C0-E0DA40CEE714} - System32\Tasks\RMSchedule => C:\Program Files (x86)\Registry Mechanic\RegMech.exe
Task: {CBE63794-7058-4BFD-AFDC-BABD38006D8C} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {D50FC294-75A1-46F3-8013-2C2D71367172} - \c2d1b618-974b-4899-8b5e-7e965b8f5d64-1 No Task File <==== ATTENTION
Task: {D525B670-5E16-419E-A6CD-3858334FE82A} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
Task: {D573A0B5-66B5-4147-BEFF-0B2C9FED2204} - System32\Tasks\{84220281-CB5F-401A-8B5F-035C25D50EE2} => C:\Users\Dayvolt\Downloads\DOS Games\Chips Challenge\CHIPS.EXE [1992-09-06] ()
Task: {D8226855-EA25-4003-B531-6C8A18E00DB3} - \bench-sys No Task File <==== ATTENTION
Task: {D88BD4D7-1A0A-4C12-B013-714A2AFC2007} - \c2d1b618-974b-4899-8b5e-7e965b8f5d64-5_user No Task File <==== ATTENTION
Task: {DC9DAB75-B203-4712-87CC-B78AF7AD5343} - \c2d1b618-974b-4899-8b5e-7e965b8f5d64-3 No Task File <==== ATTENTION
Task: {DFA8EC7B-9F11-4FAB-9323-8247F0B3747D} - \Groovorio No Task File <==== ATTENTION
Task: {E156234C-C5AA-47D3-BE48-D75E174F50E4} - \ConsumerInputUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {E3B6D173-4667-4998-BE7D-057116C43384} - \SW-Booster-S-792098896 No Task File <==== ATTENTION
Task: {F528C0F1-9D7C-4F11-8414-2C457AE76CA9} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
C:\Program Files (x86)\YourFileDownloader
Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\Registry Mechanic\RegMech.exe
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\57172027.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\57172027.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProtectMe => ""="service"
DeleteJunctionsIndirectory: C:\Windows\system64
CMD: DIR C:\99f2087c77959d897d4a /s
CMD: DIR C:\67d720e967b965f6cc3e9030273d18f8 /s
cmd: netsh winsock reset
EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST, press the Fix button just once, and wait.
The tool will make a log on your desktop (Fixlog.txt). Please post it in your reply.

2.- Download AdwCleaner by Xplode onto your Desktop.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, this time click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt ('n' represents the most recent report).
3.- Download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Run the tool by double-clicking it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next message.
4.- Run FRST again, check Addition.txt, press Scan and attach both reports.

#5 dayvolt

  • Topic Starter
  • Members
  • 26 posts

Posted 11 February 2015 - 07:37 PM

Thank you, that seemed to have solved the problem, as I am finally posting from this computer. I will post the logs below just in case you see something else.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
Ran by Dayvolt at 2015-02-11 18:45:47 Run:1
Running from C:\Users\Dayvolt\Desktop
Loaded Profiles: Dayvolt (Available profiles: Dayvolt)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
*****************

Processes closed successfully.
C:\Program Files (x86)\Common Files\Intuit => Moved successfully.
C:\Program Files (x86)\NaosZbrags => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-695169538-937006988-3035725271-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DW6 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SSDMonitor => value deleted successfully.
HKU\S-1-5-21-695169538-937006988-3035725271-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Super Optimizer => value deleted successfully.
"C:\Program Files (x86)\Super Optimizer" => File/Directory not found.
"HKU\S-1-5-21-695169538-937006988-3035725271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I" => Key deleted successfully.
"HKU\S-1-5-21-695169538-937006988-3035725271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f29af78-2e40-11e1-8a30-b8ac6fda041e}" => Key deleted successfully.
HKCR\CLSID\{0f29af78-2e40-11e1-8a30-b8ac6fda041e} => Key not found.
"HKU\S-1-5-21-695169538-937006988-3035725271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fd38961-afff-11e4-9b2b-b8ac6fda041e}" => Key deleted successfully.
HKCR\CLSID\{0fd38961-afff-11e4-9b2b-b8ac6fda041e} => Key not found.
"HKU\S-1-5-21-695169538-937006988-3035725271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4314fea-3096-11e0-bb60-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{d4314fea-3096-11e0-bb60-806e6f6e6963} => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-695169538-937006988-3035725271-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => Key deleted successfully.
HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKU\S-1-5-21-695169538-937006988-3035725271-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ED0D3BCB-7E5D-4F14-9761-D1D9369B72A9}" => Key deleted successfully.
HKCR\CLSID\{ED0D3BCB-7E5D-4F14-9761-D1D9369B72A9} => Key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1,S deleted successfully.
Firefox DefaultSearchEngine,S deleted successfully.
Firefox SelectedSearchEngine,S deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\user.js => Moved successfully.
C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\Extensions\O@yG.edu => Moved successfully.
C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\Extensions\U@td.net => Moved successfully.
C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\Extensions\{9e96e0c4-9bde-49b7-989f-a4ca4bdc90bb} => Moved successfully.
C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\extensions\wrigtdamon@yahoo.com not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.
NaosZbrags => Service deleted successfully.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
PCToolsSSDMonitorSvc => Service deleted successfully.
MFE_RR => Service deleted successfully.
MREMP50a64 => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
MRESP50a64 => Service deleted successfully.
C:\Users\Dayvolt\AppData\Local\{932521b4-3568-72f6-af54-29cb2687119a} => Moved successfully.
C:\Users\Dayvolt\AppData\Local\234063dsisetup2456852.exe => Moved successfully.
C:\Users\Dayvolt\AppData\Local\db608pk816hwqf73752tm45531x53hd573x0xt3g6vp480 => Moved successfully.
C:\ProgramData\db608pk816hwqf73752tm45531x53hd573x0xt3g6vp480 => Moved successfully.
C:\ProgramData\qjaxlkio.dss => Moved successfully.
C:\Users\Dayvolt\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Dayvolt\AppData\Local\Temp\{5CC8C60E-B1C5-40CB-8352-E0B5DF3E72EE}.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03600AE4-D74F-4935-B9F0-A2285AE6BE0C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03600AE4-D74F-4935-B9F0-A2285AE6BE0C}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F04EEA37-93CA-4E59-AFDB-7EBC5F6DA51C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F04EEA37-93CA-4E59-AFDB-7EBC5F6DA51C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{15561814-685B-4A58-9861-EC2625659FA6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15561814-685B-4A58-9861-EC2625659FA6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FF Watcher {0B5B9AF2-9E37-4536-998B-94608139B9FD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1C83534F-C32D-4E83-B7D5-F41C992F05BB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C83534F-C32D-4E83-B7D5-F41C992F05BB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NewPlayer Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{262E4B9D-A10E-4319-80CC-8C1B9B24EBA2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{262E4B9D-A10E-4319-80CC-8C1B9B24EBA2}" => Key deleted successfully.
C:\Windows\System32\Tasks\DriverTuner Startup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverTuner Startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2812C97A-94ED-4B7C-9C67-4D6FD820079C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2812C97A-94ED-4B7C-9C67-4D6FD820079C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-S-1-5-21-695169538-937006988-3035725271-1000" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{302D3923-5B4E-4824-8510-D4DAB84DB9B6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{302D3923-5B4E-4824-8510-D4DAB84DB9B6}" => Key deleted successfully.
C:\Windows\System32\Tasks\CIMT_S-1-5-21-695169538-937006988-3035725271-1000 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-695169538-937006988-3035725271-1000" => Key deleted successfully.
"C:\Program Files (x86)\Consumer Input\Monitoring" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{472FB2A8-91D3-4206-AA9C-AB2831611013}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{472FB2A8-91D3-4206-AA9C-AB2831611013}" => Key deleted successfully.
C:\Windows\System32\Tasks\Optimizer Pro Schedule => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5155A626-122E-48BF-8F1F-CE12FD332E23}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5155A626-122E-48BF-8F1F-CE12FD332E23}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c2d1b618-974b-4899-8b5e-7e965b8f5d64-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56252003-1BB7-4758-8600-B3D1FCDD4BB9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56252003-1BB7-4758-8600-B3D1FCDD4BB9}" => Key deleted successfully.
C:\Windows\System32\Tasks\RMSmartUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RMSmartUpdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5C08AF88-DD26-4B63-B2A9-9D2E152B56B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C08AF88-DD26-4B63-B2A9-9D2E152B56B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c2d1b618-974b-4899-8b5e-7e965b8f5d64-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5E6CAF5B-A052-4F4E-ABC3-C3B6E9E1F0A5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E6CAF5B-A052-4F4E-ABC3-C3B6E9E1F0A5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c2d1b618-974b-4899-8b5e-7e965b8f5d64-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{645CAF1F-3052-47A5-AC5A-7FF3F9096B3B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{645CAF1F-3052-47A5-AC5A-7FF3F9096B3B}" => Key deleted successfully.
C:\Windows\System32\Tasks\Super Optimizer Schedule => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule" => Key deleted successfully.
"C:\Program Files (x86)\Super Optimizer" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6571CDC0-222B-4A06-B053-87A1B33733AA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6571CDC0-222B-4A06-B053-87A1B33733AA}" => Key deleted successfully.
C:\Windows\System32\Tasks\{A63897F6-3B98-4C56-A000-8308384BB1C2} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A63897F6-3B98-4C56-A000-8308384BB1C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{664D1DA5-5A6A-4408-8242-9F72751528B9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{664D1DA5-5A6A-4408-8242-9F72751528B9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7759547F-B93D-4A05-A5F6-1CA38D64C9A2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7759547F-B93D-4A05-A5F6-1CA38D64C9A2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c2d1b618-974b-4899-8b5e-7e965b8f5d64-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7F841C70-D5E8-4ACC-B353-2F1252D7BD97}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F841C70-D5E8-4ACC-B353-2F1252D7BD97}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c2d1b618-974b-4899-8b5e-7e965b8f5d64-11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80B4ED96-98B7-44B4-AADE-6F3572238CD2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80B4ED96-98B7-44B4-AADE-6F3572238CD2}" => Key deleted successfully.
C:\Windows\System32\Tasks\{2ACAAE7C-7993-4420-95AB-59285D1F6B81} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2ACAAE7C-7993-4420-95AB-59285D1F6B81}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{836133E3-FB21-4D23-9E25-2A8DA8D196BE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{836133E3-FB21-4D23-9E25-2A8DA8D196BE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c2d1b618-974b-4899-8b5e-7e965b8f5d64-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95B3ED40-7A12-475A-8578-CF4B4314BEB6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95B3ED40-7A12-475A-8578-CF4B4314BEB6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C19E7B99-BB4D-4E84-A059-66CD27FD5BA3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C19E7B99-BB4D-4E84-A059-66CD27FD5BA3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C31D6D57-D8B0-423F-A9C0-E0DA40CEE714}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C31D6D57-D8B0-423F-A9C0-E0DA40CEE714}" => Key deleted successfully.
C:\Windows\System32\Tasks\RMSchedule => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RMSchedule" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CBE63794-7058-4BFD-AFDC-BABD38006D8C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBE63794-7058-4BFD-AFDC-BABD38006D8C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D50FC294-75A1-46F3-8013-2C2D71367172}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D50FC294-75A1-46F3-8013-2C2D71367172}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c2d1b618-974b-4899-8b5e-7e965b8f5d64-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D525B670-5E16-419E-A6CD-3858334FE82A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D525B670-5E16-419E-A6CD-3858334FE82A}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D573A0B5-66B5-4147-BEFF-0B2C9FED2204}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D573A0B5-66B5-4147-BEFF-0B2C9FED2204}" => Key deleted successfully.
C:\Windows\System32\Tasks\{84220281-CB5F-401A-8B5F-035C25D50EE2} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{84220281-CB5F-401A-8B5F-035C25D50EE2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8226855-EA25-4003-B531-6C8A18E00DB3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8226855-EA25-4003-B531-6C8A18E00DB3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-sys" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D88BD4D7-1A0A-4C12-B013-714A2AFC2007}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D88BD4D7-1A0A-4C12-B013-714A2AFC2007}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c2d1b618-974b-4899-8b5e-7e965b8f5d64-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DC9DAB75-B203-4712-87CC-B78AF7AD5343}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC9DAB75-B203-4712-87CC-B78AF7AD5343}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c2d1b618-974b-4899-8b5e-7e965b8f5d64-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFA8EC7B-9F11-4FAB-9323-8247F0B3747D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFA8EC7B-9F11-4FAB-9323-8247F0B3747D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Groovorio" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E156234C-C5AA-47D3-BE48-D75E174F50E4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E156234C-C5AA-47D3-BE48-D75E174F50E4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E3B6D173-4667-4998-BE7D-057116C43384}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3B6D173-4667-4998-BE7D-057116C43384}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SW-Booster-S-792098896" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F528C0F1-9D7C-4F11-8414-2C457AE76CA9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F528C0F1-9D7C-4F11-8414-2C457AE76CA9}" => Key deleted successfully.
C:\Windows\System32\Tasks\YourFile Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile Update" => Key deleted successfully.
"C:\Program Files (x86)\YourFileDownloader" => File/Directory not found.
C:\Windows\Tasks\RMSchedule.job => Moved successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\57172027.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\57172027.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ProtectMe" => Key deleted successfully.
"C:\Windows\system64" => Deleting reparse point and unlocking started.
"C:\Windows\system64" => Deleting reparse point and unlocking done.
"C:\Windows\system64" => Deleting reparse point and unlocking completed.

=========  DIR C:\99f2087c77959d897d4a /s =========

 Volume in drive C is OS
 Volume Serial Number is CEBF-CD3F

 Directory of C:\99f2087c77959d897d4a

02/08/2015  08:56 PM    <DIR>          .
02/08/2015  08:56 PM    <DIR>          ..
               0 File(s)              0 bytes

     Total Files Listed:
               0 File(s)              0 bytes
               2 Dir(s)  135,611,432,960 bytes free

========= End of CMD: =========

=========  DIR C:\67d720e967b965f6cc3e9030273d18f8 /s =========

 Volume in drive C is OS
 Volume Serial Number is CEBF-CD3F

 Directory of C:\67d720e967b965f6cc3e9030273d18f8

02/08/2015  05:40 PM    <DIR>          .
02/08/2015  05:40 PM    <DIR>          ..
               0 File(s)              0 bytes

     Total Files Listed:
               0 File(s)              0 bytes
               2 Dir(s)  135,611,559,936 bytes free

========= End of CMD: =========

=========  netsh winsock reset =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

EmptyTemp: => Removed 271.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog 18:47:06 ====


# AdwCleaner v4.110 - Logfile created 11/02/2015 at 19:24:41
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Dayvolt - DAYVOLT-PC
# Running from : C:\Users\Dayvolt\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Trusted Publisher
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b
Folder Deleted : C:\ProgramData\Kromtech
Folder Deleted : C:\ProgramData\Driver Manager
Folder Deleted : C:\ProgramData\DownSave
Folder Deleted : C:\ProgramData\ac432ef81f666767
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\registry mechanic
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Manager
Folder Deleted : C:\Program Files (x86)\jZip
Folder Deleted : C:\Program Files (x86)\Smartdl
Folder Deleted : C:\Program Files (x86)\Driver Manager
Folder Deleted : C:\Windows\SysWOW64\ARFC
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Windows\SysWOW64\WNLT
Folder Deleted : C:\Windows\System32\ljkb
Folder Deleted : C:\Users\Dayvolt\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Dayvolt\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Dayvolt\AppData\Local\jZip
Folder Deleted : C:\Users\Dayvolt\AppData\Local\torch
Folder Deleted : C:\Users\Dayvolt\AppData\Local\Kromtech
Folder Deleted : C:\Users\Dayvolt\AppData\Local\DriverTuner
Folder Deleted : C:\Users\Dayvolt\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Dayvolt\AppData\Roaming\EZDownloader
Folder Deleted : C:\Users\Dayvolt\AppData\Roaming\Probit Software
Folder Deleted : C:\Users\Dayvolt\AppData\Roaming\Super Optimizer
Folder Deleted : C:\Users\Dayvolt\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago
Folder Deleted : C:\Users\Dayvolt\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago
File Deleted : C:\Users\Public\Desktop\iLivid.lnk
File Deleted : C:\Users\Public\Desktop\DriverTuner.lnk
File Deleted : C:\Windows\patsearch.bin
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\Dayvolt\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Users\Dayvolt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
File Deleted : C:\Users\Dayvolt\Desktop\jZip.lnk

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{121C6AF3-6778-4360-AFDB-57BD4E3E4343}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{121C6AF3-6778-4360-AFDB-57BD4E3E4343}]
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\DesktopTemperature.exe
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FCF8BFD3-39B8-4370-B464-EC2AAACD97CF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43ea8b7d-cee0-4f86-8db0-d1c4302ecb67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{43ea8b7d-cee0-4f86-8db0-d1c4302ecb67}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011431152}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{43ea8b7d-cee0-4f86-8db0-d1c4302ecb67}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011431152}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{43ea8b7d-cee0-4f86-8db0-d1c4302ecb67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\BRS
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\genesis
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Red Sky
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\Easy Speed Check
Key Deleted : HKCU\Software\USyndication
Key Deleted : HKCU\Software\Cores
Key Deleted : HKCU\Software\DesktopTemperature
Key Deleted : HKCU\Software\Super Optimizer
Key Deleted : HKCU\Software\DriverTuner_Init
Key Deleted : HKCU\Software\DriverTuner
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\jZip
Key Deleted : HKLM\SOFTWARE\TBID
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\WNLT
Key Deleted : HKLM\SOFTWARE\XTRM Group Ltd.
Key Deleted : HKLM\SOFTWARE\YourFileDownloader
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{520C1D80-935C-42B9-9340-E883849D804F}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\TBID
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;192.168.*.*

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v23.0.1 (en-US)

-\\ Google Chrome v38.0.2125.104

[C:\Users\Dayvolt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Dayvolt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Dayvolt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3321554&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPF0846358-77B0-48DD-BE14-4332F6710E35&q={searchTerms}&SSPV=
[C:\Users\Dayvolt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.searc-hall.info/?l=1&q={searchTerms}&pid=3780&r=2014/10/22&hid=15106062608480926165&lg=EN&cc=US&unqvl=65
[C:\Users\Dayvolt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://groovorio.com/?results.php?&q={searchTerms}&f=4&a=grv_keyd3_14_24&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0D0AtDyEtC0E0C0DtA0FtN0D0Tzu0StCtDtByCtN1L2XzutAtFyDtFtCtFtCtN1L1Czu1N1C2X1V1J1P2U1QtA1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2SyCtAyEyDyB0BzyzztG0Dzy0CyEtG0EyDyDzztG0BzyyEyBtGtAtCzyyBtByCtD0FtA0Dzz0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyCyCyDzyyBtD0DtGtD0F0ByDtGyEyBtD0DtGzztA0D0EtGyDyC0A0FtAyBzyyDtA0Dzz0D2Q&cr=1887989728&ir=
[C:\Users\Dayvolt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330120&octid=EB_ORIGINAL_CTID&ISID=ME81D7922-92F0-4313-940D-2C12DF7FA3EF&SearchSource=58&CUI=&UM=6&UP=SP6A9A755B-022E-452B-AEDB-719954ECDA40&q={searchTerms}&SSPV=

-\\ Comodo Dragon v

[C:\Users\Dayvolt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Dayvolt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Dayvolt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3321554&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPF0846358-77B0-48DD-BE14-4332F6710E35&q={searchTerms}&SSPV=
[C:\Users\Dayvolt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.searc-hall.info/?l=1&q={searchTerms}&pid=3780&r=2014/10/22&hid=15106062608480926165&lg=EN&cc=US&unqvl=65
[C:\Users\Dayvolt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://groovorio.com/?results.php?&q={searchTerms}&f=4&a=grv_keyd3_14_24&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0D0AtDyEtC0E0C0DtA0FtN0D0Tzu0StCtDtByCtN1L2XzutAtFyDtFtCtFtCtN1L1Czu1N1C2X1V1J1P2U1QtA1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2SyCtAyEyDyB0BzyzztG0Dzy0CyEtG0EyDyDzztG0BzyyEyBtGtAtCzyyBtByCtD0FtA0Dzz0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyCyCyDzyyBtD0DtGtD0F0ByDtGyEyBtD0DtGzztA0D0EtGyDyC0A0FtAyBzyyDtA0Dzz0D2Q&cr=1887989728&ir=
[C:\Users\Dayvolt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330120&octid=EB_ORIGINAL_CTID&ISID=ME81D7922-92F0-4313-940D-2C12DF7FA3EF&SearchSource=58&CUI=&UM=6&UP=SP6A9A755B-022E-452B-AEDB-719954ECDA40&q={searchTerms}&SSPV=

-\\ Chrome Canary v

[C:\Users\Dayvolt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Dayvolt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Dayvolt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3321554&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPF0846358-77B0-48DD-BE14-4332F6710E35&q={searchTerms}&SSPV=
[C:\Users\Dayvolt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.searc-hall.info/?l=1&q={searchTerms}&pid=3780&r=2014/10/22&hid=15106062608480926165&lg=EN&cc=US&unqvl=65
[C:\Users\Dayvolt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://groovorio.com/?results.php?&q={searchTerms}&f=4&a=grv_keyd3_14_24&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0D0AtDyEtC0E0C0DtA0FtN0D0Tzu0StCtDtByCtN1L2XzutAtFyDtFtCtFtCtN1L1Czu1N1C2X1V1J1P2U1QtA1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2SyCtAyEyDyB0BzyzztG0Dzy0CyEtG0EyDyDzztG0BzyyEyBtGtAtCzyyBtByCtD0FtA0Dzz0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyCyCyDzyyBtD0DtGtD0F0ByDtGyEyBtD0DtGzztA0D0EtGyDyC0A0FtAyBzyyDtA0Dzz0D2Q&cr=1887989728&ir=
[C:\Users\Dayvolt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330120&octid=EB_ORIGINAL_CTID&ISID=ME81D7922-92F0-4313-940D-2C12DF7FA3EF&SearchSource=58&CUI=&UM=6&UP=SP6A9A755B-022E-452B-AEDB-719954ECDA40&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [16108 bytes] - [11/02/2015 18:50:06]
AdwCleaner[S0].txt - [18311 bytes] - [11/02/2015 19:24:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18371


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Dayvolt on Wed 02/11/2015 at 19:27:02.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-969E73DB.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-66EEE4D2.pf

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Dayvolt\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Dayvolt\appdata\local\pc_drivers_headquarters"
Failed to delete: [Folder] "C:\Program Files (x86)\epicplay"

~~~ FireFox

Successfully deleted: [File] C:\Users\Dayvolt\AppData\Roaming\mozilla\firefox\profiles\ordzcmzn.default\extensions\ihbocqgxcu@ihbocqgxcu.org.xpi [Tracur]
Successfully deleted: [Folder] C:\Users\Dayvolt\AppData\Roaming\mozilla\firefox\profiles\ordzcmzn.default\extensions\staged
Emptied folder: C:\Users\Dayvolt\AppData\Roaming\mozilla\firefox\profiles\ordzcmzn.default\minidumps [3 files]

~~~ Chrome

Dumping contents of C:\Users\Dayvolt\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Dayvolt\appdata\local\Google\Chrome\User Data\Default\Default\aadiddggdadcdfdagddfdbgggcdcgcdg
C:\Users\Dayvolt\appdata\local\Google\Chrome\User Data\Default\Default\aadiddggdadcdfdagddfdbgggcdcgcdg\background.js
C:\Users\Dayvolt\appdata\local\Google\Chrome\User Data\Default\Default\aadiddggdadcdfdagddfdbgggcdcgcdg\ContentScript.js
C:\Users\Dayvolt\appdata\local\Google\Chrome\User Data\Default\Default\aadiddggdadcdfdagddfdbgggcdcgcdg\manifest.json

Successfully deleted: [Folder] C:\Users\Dayvolt\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/11/2015 at 19:30:27.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by Dayvolt (administrator) on DAYVOLT-PC on 11-02-2015 19:30:54
Running from C:\Users\Dayvolt\Desktop
Loaded Profiles: Dayvolt (Available profiles: Dayvolt)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [4527424 2011-08-17] (DT Soft Ltd)
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-02-05] (Google Inc.)
HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
ShortcutTarget: WD Quick View.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-695169538-937006988-3035725271-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-695169538-937006988-3035725271-1000 -> {46F162CB-0C4F-499A-BAE5-DACDC8380949} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-695169538-937006988-3035725271-1000 -> {AA3E8C04-194E-409D-9F82-E7CC1ABFFA86} URL = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-695169538-937006988-3035725271-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension:  EpicPlay Games  - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com [2011-12-16]
FF Extension: No Name - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\Extensions\nogroovesharkads@tobbi.tk [2014-11-15]
FF Extension: Quick Preference Button - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\Extensions\qprefbtn@max.max.xpi [2012-08-15]
FF Extension: Mozilla Framework Assistant - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\Extensions\{175c1520-df44-460c-84ce-e5f59dd1935f}.xpi [2013-02-23]
FF Extension: XHTML Mobile Profile - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\Extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}.xpi [2012-08-15]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-05]
FF HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\extensions\ihbocqgxcu@ihbocqgxcu.org.xpi [Not Found]
FF Extension: No Name - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\extensions\wrigtdamon@yahoo.com [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Dayvolt\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2009-08-14] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-08-14] (Alcatel-Lucent) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [311296 2011-08-01] (WDC) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 IntuitUpdateServiceV4; "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2011-12-24] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-02-09] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 19:30 - 2015-02-11 19:31 - 00018944 _____ () C:\Users\Dayvolt\Desktop\FRST.txt
2015-02-11 19:30 - 2015-02-11 19:30 - 00002164 _____ () C:\Users\Dayvolt\Desktop\JRT.txt
2015-02-11 18:50 - 2015-02-11 19:24 - 00000000 ____D () C:\AdwCleaner
2015-02-11 18:49 - 2015-02-11 18:47 - 01388274 ____N (Thisisu) C:\Users\Dayvolt\Desktop\JRT.exe
2015-02-11 18:49 - 2015-02-11 18:46 - 02112512 ____N () C:\Users\Dayvolt\Desktop\AdwCleaner.exe
2015-02-11 18:45 - 2015-02-11 18:45 - 00000000 ____D () C:\Users\Dayvolt\Desktop\FRST-OlderVersion
2015-02-09 18:15 - 2015-02-11 18:45 - 02134016 _____ (Farbar) C:\Users\Dayvolt\Desktop\FRST64.exe
2015-02-09 18:06 - 2015-02-11 19:30 - 00000000 ____D () C:\FRST
2015-02-09 17:55 - 2015-02-09 17:54 - 00047616 ____N () C:\Users\Dayvolt\Desktop\Win32kDiag.exe
2015-02-09 17:52 - 2015-02-09 17:39 - 05611380 ____R (Swearware) C:\Users\Dayvolt\Desktop\Combo-Fix.exe
2015-02-09 17:43 - 2015-02-09 17:40 - 05611380 ____R (Swearware) C:\Users\Dayvolt\Desktop\ComboFix (1).exe
2015-02-09 17:22 - 2015-02-09 17:32 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-09 17:22 - 2015-02-09 17:22 - 18570328 ____N () C:\Users\Dayvolt\Desktop\RogueKillerX64.exe
2015-02-09 17:22 - 2015-02-09 17:22 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-08 21:46 - 2015-02-09 18:00 - 00000000 ____D () C:\32788R22FWJFW
2015-02-08 21:41 - 2015-02-08 21:41 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-02-08 21:37 - 2015-02-11 19:26 - 00000000 ____D () C:\Temp
2015-02-08 21:27 - 2015-02-11 18:40 - 00000000 ____D () C:\Users\Dayvolt\AppData\Roaming\VERIZON
2015-02-08 21:27 - 2015-02-08 21:27 - 00000000 ____D () C:\Users\Public\Documents\Verizon2.0_Log
2015-02-08 20:59 - 2015-02-08 19:52 - 00000000 _____ () C:\Users\Dayvolt\Downloads\FRST.exe.ntimqz6 (1).partial
2015-02-08 20:59 - 2015-02-08 19:52 - 00000000 _____ () C:\Users\Dayvolt\Downloads\FRST.exe.ntimqz6 (1) (1).partial
2015-02-08 20:56 - 2015-02-08 20:56 - 00000000 ____D () C:\99f2087c77959d897d4a
2015-02-08 20:55 - 2015-02-08 19:52 - 00000000 _____ () C:\Users\Dayvolt\Desktop\FRST.exe.ntimqz6.partial
2015-02-08 20:54 - 2015-02-08 20:05 - 00000000 _____ () C:\Users\Dayvolt\Downloads\FRST.exe.ksvtx47.partial
2015-02-08 20:54 - 2015-02-08 20:05 - 00000000 _____ () C:\Users\Dayvolt\Downloads\FRST.exe.ksvtx47 (1).partial
2015-02-08 20:54 - 2015-02-08 20:05 - 00000000 _____ () C:\Users\Dayvolt\Downloads\FRST.exe.ksvtx47 (1) (1).partial
2015-02-08 20:53 - 2015-02-08 19:52 - 00000000 _____ () C:\Users\Dayvolt\Downloads\FRST.exe.ntimqz6.partial
2015-02-08 17:40 - 2015-02-08 17:40 - 00000000 ____D () C:\67d720e967b965f6cc3e9030273d18f8
2015-02-08 16:41 - 2015-02-08 21:14 - 00003572 _____ () C:\Users\Dayvolt\Desktop\Rkill.txt
2015-02-08 16:14 - 2015-02-08 16:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-08 16:13 - 2015-02-08 16:43 - 00000000 ____D () C:\Users\Dayvolt\Desktop\mbar
2015-02-08 10:20 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-08 10:20 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-08 10:20 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-08 10:20 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-08 10:20 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-08 10:20 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-08 10:20 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-08 10:20 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-08 10:20 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-08 10:20 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-07 14:36 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-07 14:36 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-07 14:36 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 19:30 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-11 19:29 - 2009-07-14 00:10 - 01462376 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 19:26 - 2011-02-05 19:57 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-11 19:26 - 2011-02-05 16:31 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-11 19:25 - 2013-10-05 17:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-11 19:25 - 2012-07-01 16:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-11 19:25 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 19:25 - 2009-07-13 23:51 - 00094000 _____ () C:\Windows\setupact.log
2015-02-11 19:05 - 2011-02-05 19:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-11 18:57 - 2012-07-01 16:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-11 18:57 - 2012-04-05 21:10 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-11 18:57 - 2011-12-25 10:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-11 18:57 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 18:57 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 18:48 - 2014-10-22 17:05 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-11 18:45 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-11 18:43 - 2012-09-08 21:20 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C5A7086F-7CFE-455B-B9B8-515B69E55093}
2015-02-09 17:07 - 2011-02-04 14:42 - 00681898 _____ () C:\Windows\PFRO.log
2015-02-08 17:52 - 2013-08-04 06:53 - 530209649 _____ () C:\Windows\MEMORY.DMP
2015-02-08 16:55 - 2014-11-16 09:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 16:13 - 2014-11-16 09:51 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-07 15:01 - 2013-08-14 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-07 14:52 - 2012-01-08 01:48 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-07 14:22 - 2012-12-09 19:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======

2014-10-31 07:09 - 2014-11-16 09:10 - 0000001 _____ () C:\Users\Dayvolt\AppData\Local\DSI.DAT
2011-02-05 16:52 - 2011-02-05 16:55 - 0000824 _____ () C:\ProgramData\hpzinstall.log
2014-02-26 21:31 - 2014-02-26 21:32 - 0000458 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-12-03 21:19 - 2013-12-03 21:19 - 0000040 _____ () C:\ProgramData\ra3.ini

Some content of TEMP:
====================
C:\Users\Dayvolt\AppData\Local\Temp\Quarantine.exe
C:\Users\Dayvolt\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-07 17:25

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02
Ran by Dayvolt at 2015-02-11 19:32:18
Running from C:\Users\Dayvolt\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-6490CW (HKLM-x32\...\{20E970DF-A7B2-4345-9DEB-72213A29645E}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Caesar IV (HKLM-x32\...\{B7666229-351B-47D9-AA6F-DF777CF04BBF}) (Version: 1.2 - Tilted Mill Entertainment)
Caesar IV Demo (HKLM-x32\...\{56C3017A-6E09-4101-8B35-EAC40DA86A9E}) (Version: 0.17.56 - Tilted Mill Entertainment)
Civilization III Complete Edition (HKLM-x32\...\InstallShield_{2157961D-0507-44A8-BCF2-1EE2D439E8DF}) (Version: 1.00.0000 - 2K Games)
Civilization III Complete Edition (x32 Version: 1.00.0000 - 2K Games) Hidden
Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{82696435-8572-4D8B-A230-D1AA567D0F0F}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{BA4C8F9F-D81B-4AFE-AE5A-3837830F5B89}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert, Counterstrike and The Aftermath (HKLM-x32\...\{25456D58-2414-4CC4-AA1B-CF3A2BE00A79}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert™ 3 and Uprising (HKLM-x32\...\{3C315BF7-4B64-4024-8102-174A197437FA}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Renegade (HKLM-x32\...\{97B5E8B9-D5E6-49C4-8CDA-7E096BE2601A}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™ Tiberian Sun™ and Firestorm™ (HKLM-x32\...\{517FAF1E-3045-49DE-8079-107C2851389E}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
ConverterLite 0.1 (HKLM-x32\...\ConverterLite) (Version: 0.1 - Amnis Technology Ltd)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 4.41.0315.0262 - DT Soft Ltd)
DebugMode Wax 2.0 (HKLM-x32\...\DebugMode Wax 2.0) (Version:  - )
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
D-Fend Reloaded 1.3.1 (deinstall) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.3.1 - Alexander Herzog)
Diablo (HKLM-x32\...\Diablo) (Version:  - )
Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
Diablo II (HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Diablo II) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.8.16603 - Blizzard Entertainment)
DJ_AIO_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Driver Manager (HKLM-x32\...\{686695ED-BB3F-415D-B0DB-18CF535F7B50}) (Version: 7 - Driver Manager)
Express Zip (HKLM-x32\...\ExpressZip) (Version:  - NCH Software)
F4100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
F4100_Help (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg)
Freight Tycoon Inc. (HKLM-x32\...\Steam App 289340) (Version:  - Nikita)
FrostWire 5.6.9 (HKLM-x32\...\FrostWire 5) (Version: 5.6.9.2 - FrostWire LLC)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
Gametap Player (HKLM-x32\...\Gametap Player) (Version:  - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{EB773820-0871-46A8-9B96-F2B04F8B34F0}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java™ 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MixPad Audio Mixer (HKLM-x32\...\MixPad) (Version:  - NCH Software)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Myst Masterpiece Edition (HKLM-x32\...\Myst Masterpiece Edition) (Version:  - )
NVIDIA 3D Vision Controller Driver 331.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.58 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 331.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.58 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.58 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.13.2142 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
PhotoStage Slideshow Producer (HKLM-x32\...\PhotoStage) (Version:  - NCH Software)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.10 - NCH Software)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5963 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Sid Meier's Civilization IV (HKLM-x32\...\Steam App 3900) (Version:  - Firaxis Games)
Sid Meier's Civilization IV: Beyond the Sword (HKLM-x32\...\Steam App 8800) (Version:  - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sim City 2000 (HKU\S-1-5-21-695169538-937006988-3035725271-1000\...\Sim City 2000) (Version:  - )
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
WD Link (HKLM-x32\...\WD Link) (Version: 1.00.03 - Western Digital)
WD SmartWare Drive Manager (HKLM\...\{BEC2EFB7-93E4-4F5F-B056-602ACEC2B759}) (Version: 1.5.0 - Western Digital)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.0.5.16135 - Blizzard Entertainment)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.1) (Version: 1.3.2 - Xvid Team)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

05-12-2014 22:21:29 Windows Update
08-12-2014 01:00:10 Windows Update
11-12-2014 22:21:41 Windows Update
15-12-2014 01:00:27 Windows Update
18-12-2014 01:48:40 Windows Update
22-12-2014 21:43:02 Windows Update
07-02-2015 14:25:02 Windows Update
07-02-2015 14:52:08 Windows Update
08-02-2015 17:38:40 Windows Update
08-02-2015 20:55:54 Windows Update
09-02-2015 01:00:16 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-02-07 14:33 - 00000675 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C644779-1545-4C6A-A9E7-9A5427551499} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {1DF9FF2D-0F3B-45F2-BE6B-9AB6BB152744} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {2E2D482F-02FA-4451-B37C-A9D48109BFF7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-11] (Adobe Systems Incorporated)
Task: {2FAE86E7-97EF-458D-9342-EFD3F1A9AFE1} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {505E23B5-30FC-423C-9C9B-F2AF61B1C7A0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8F8D1F91-7C63-4A03-B37C-594B1068627F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {A32850F2-C528-443A-B24A-32BCB20A69C3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CD61527B-A066-46A5-9409-74A35F64F248} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-10-05 17:01 - 2013-10-15 16:47 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2013-06-24 22:10 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2011-02-04 12:47 - 2010-03-03 21:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-695169538-937006988-3035725271-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dayvolt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-695169538-937006988-3035725271-500 - Administrator - Disabled)
Dayvolt (S-1-5-21-695169538-937006988-3035725271-1000 - Administrator - Enabled) => C:\Users\Dayvolt
Guest (S-1-5-21-695169538-937006988-3035725271-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-695169538-937006988-3035725271-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 32%
Total physical RAM: 4094.98 MB
Available physical RAM: 2747.58 MB
Total Pagefile: 8188.15 MB
Available Pagefile: 6769.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.65 GB) (Free:125.97 GB) NTFS
Drive f: () (Removable) (Total:14.9 GB) (Free:14.87 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#6 Rootk

  • Malware Response Team
  • 234 posts
  • Gender:Male
  • Location:Easter Island, Chile.

Posted 12 February 2015 - 01:58 PM

Your computer is not clean yet. There is more to do, so please follow these steps:

1.- Open Notepad. Please copy the contents of the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it to your Desktop as fixlist.txt

FF Extension: No Name - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\extensions\ihbocqgxcu@ihbocqgxcu.org.xpi [Not Found]
FF Extension: No Name - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\extensions\wrigtdamon@yahoo.com [Not Found]
S2 IntuitUpdateServiceV4; "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [X]
C:\Program Files (x86)\epicplay

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait.
The tool will make a log on your desktop (Fixlog.txt); please post it in your reply.

2.- Download RogueKiller and save it to the desktop.
Note: Do NOT click the Delete button, unless otherwise instructed.
  • Close all windows and browsers
  • Double click on RogueKiller.exe to run the tool.
  • Press the scan button.
  • Once the scan is done, click on Report.
  • A log file will open, please copy/paste the contents of that file into your next reply.

3.- Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on the change parameters option. Place a check next to Loaded modules.
It will ask you to reboot the computer, click on Reboot now.
TDSSKiller will start automatically after the restart.
Now click on the change parameters option.
Once you are in there, place a check next to Verify file digital signatures and Detect TDLFS file system, then click on the OK button.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

#7 dayvolt

  • Topic Starter

  • Members
  • 26 posts

Posted 12 February 2015 - 06:31 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
Ran by Dayvolt at 2015-02-12 17:41:04 Run:2
Running from C:\Users\Dayvolt\Desktop
Loaded Profiles: Dayvolt (Available profiles: Dayvolt)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF Extension: No Name -
C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\extensions\ihbocqgxcu@ihbocqgxcu.org.xpi [Not Found]
FF Extension: No Name - C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\extensions\wrigtdamon@yahoo.com [Not Found]
S2 IntuitUpdateServiceV4; "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [X]
C:\Program Files (x86)\epicplay
*****************

FF Extension: No Name - not found.
"C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\extensions\ihbocqgxcu@ihbocqgxcu.org.xpi [Not Found]" => File/Directory not found.
C:\Users\Dayvolt\AppData\Roaming\Mozilla\Firefox\Profiles\ordzcmzn.default\extensions\wrigtdamon@yahoo.com not found.
IntuitUpdateServiceV4 => Service deleted successfully.
"C:\Program Files (x86)\epicplay" => File/Directory not found.

==== End of Fixlog 17:41:04 ====



#8 dayvolt


Posted 12 February 2015 - 06:35 PM

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dayvolt [Administrator]
Mode : Scan -- Date : 02/12/2015  18:34:26

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] {B4800939-0396-4F11-B8FC-11ABEFD9CF90}.exe(3412) -- C:\Users\Dayvolt\AppData\Local\Temp\{B4800939-0396-4F11-B8FC-11ABEFD9CF90}.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKS-75V0A0 +++++
--- User ---
[MBR] 8f76e4c940d326360f59be58d7561527
[BSP] 43e2be632fa467e7e97cb39987fa84d2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 161792 | Size: 12318 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 25389056 | Size: 464542 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SanDisk Cruzer Glide USB Device +++++
--- User ---
[MBR] a124dc1f32b91ceacb765c7a5ad6ec2e
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 15266 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Brother MFC-6490CW USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- SM/xD Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive6: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_DEL_02092015_172914.log - RKreport_DEL_02092015_172922.log - RKreport_DEL_02092015_172925.log - RKreport_DEL_02092015_172934.log
RKreport_DEL_02092015_172947.log - RKreport_DEL_02092015_173711.log - RKreport_SCN_02092015_172856.log - RKreport_SCN_02092015_173514.log
RKreport_SCN_02122015_175222.log



#9 dayvolt


Posted 12 February 2015 - 06:57 PM

I can not get the last log to post. It starts the upload and then never actually posts



#10 dayvolt


Posted 12 February 2015 - 07:31 PM

I tried to upload the TDSSKiller Log five times and it never posted so I have attached it this time. Hopefully you can read it




#11 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:12:16 PM

Posted 13 February 2015 - 01:42 PM

Follow these steps:
 
1.- Please open Malwarebytes Anti-Malware

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Please update the database by clicking on the Update Now button as shown below.
  • Following the update, click Settings > Detection and Protection and make sure Scan for Rootkits is checked.
  • Click on Dashboard, then click on the large green Scan Now button to begin the Threat Scan. If Malware or Potentially Unwanted Programs are found you will receive a Prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.
  • After viewing the results, please click on the Copy to Clipboard button > OK.
  • Return to our forum. Paste your log into your next reply.
  • Note: If you lose the Clipboard copy and need to retrieve the log again, it can be found by opening Malwarebytes and clicking on History > Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad), etc. The .txt file can be saved and posted when you are ready.
2.-  Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes and if it finds anything, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#12 dayvolt


Posted 13 February 2015 - 08:32 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/13/2015
Scan Time: 8:18:49 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.13.09
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dayvolt

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354896
Time Elapsed: 13 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#13 dayvolt


Posted 14 February 2015 - 01:47 PM

C:\torrent.exe Win32/BundleInstaller.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\jZip\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\jZip\Uninstall.exe.vir a variant of Win32/Toolbar.SearchSuite.J potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b\maintainer.bak.vir Win32/BrowseFox.V potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Dayvolt\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gchhimlnjdafdlkojbffdkogjhhkdepf\150\lsdb.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Dayvolt\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gchhimlnjdafdlkojbffdkogjhhkdepf\150\smPbun.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Dayvolt\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nmfjdbaijeacnnbgijdfbbcnkglcokom\2.0\Go.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Dayvolt\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nmfjdbaijeacnnbgijdfbbcnkglcokom\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Dayvolt\AppData\Local\torch\User Data\Default\Extensions\gchhimlnjdafdlkojbffdkogjhhkdepf\150\lsdb.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Dayvolt\AppData\Local\torch\User Data\Default\Extensions\gchhimlnjdafdlkojbffdkogjhhkdepf\150\smPbun.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Dayvolt\AppData\Local\torch\User Data\Default\Extensions\nmfjdbaijeacnnbgijdfbbcnkglcokom\2.0\Go.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Dayvolt\AppData\Local\torch\User Data\Default\Extensions\nmfjdbaijeacnnbgijdfbbcnkglcokom\2.0\lsdb.js.vir JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\lmrn.dll.vir a variant of Win32/Toolbar.Perion.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\stij.exe.vir a variant of Win32/Toolbar.Perion.H potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\NaosZbrags\HttpsProxy.exe a variant of Win32/Adware.ObronaAds.C application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\NaosZbrags\NaosZbrags.exe a variant of Win32/Adware.ObronaAds.B application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\NaosZbrags\NaosZbragsHelper.exe Win32/Adware.ObronaAds.B application cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\ExpressZip\expresszip.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\ExpressZip\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\ExpressZip\zipsetup_v2.03.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\MixPad\mixpad.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\MixPad\mpsetup_v3.06.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\MixPad\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\PhotoStage\photostage.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\PhotoStage\pstagesetup_v2.13.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\PhotoStage\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\Prism\prism.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted - quarantined
C:\Program Files (x86)\NCH Software\Prism\prismsetup_v2.10.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted - quarantined
C:\Users\Dayvolt\.frostwire5\updates\frostwire-5.6.9.windows.coc.premium.exe a variant of Win32/OpenCandy.C potentially unsafe application deleted - quarantined
C:\Users\Dayvolt\AppData\Local\Apps\2.0\26Y1XYWX.84L\0J4OLTQ0.43N\setu...app_b0a1ab0b1e43fdd8_0000.0000_0b0eee0a6f88b0b4\SetupWizard.exe a variant of Win32/SoftPulse.P potentially unwanted application deleted - quarantined
C:\Users\Dayvolt\AppData\Local\Apps\2.0\26Y1XYWX.84L\0J4OLTQ0.43N\setu...app_b0a1ab0b1e43fdd8_0000.0000_762d8c8c284f7336\SetupWizard.exe a variant of Win32/SoftPulse.P potentially unwanted application deleted - quarantined
C:\Users\Dayvolt\AppData\Local\Apps\2.0\26Y1XYWX.84L\0J4OLTQ0.43N\setup.exe_b0a1ab0b1e43fdd8_0000.0000_none_5bbae5184ca8f743\SetupWizard.exe a variant of Win32/SoftPulse.P potentially unwanted application deleted - quarantined
C:\Users\Dayvolt\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gchhimlnjdafdlkojbffdkogjhhkdepf\150\lsdb.js JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\Users\Dayvolt\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gchhimlnjdafdlkojbffdkogjhhkdepf\150\smPbun.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Dayvolt\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmfjdbaijeacnnbgijdfbbcnkglcokom\2.0\Go.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Dayvolt\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmfjdbaijeacnnbgijdfbbcnkglcokom\2.0\lsdb.js JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\Users\Dayvolt\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gchhimlnjdafdlkojbffdkogjhhkdepf\150\lsdb.js JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\Users\Dayvolt\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gchhimlnjdafdlkojbffdkogjhhkdepf\150\smPbun.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Dayvolt\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmfjdbaijeacnnbgijdfbbcnkglcokom\2.0\Go.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Dayvolt\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmfjdbaijeacnnbgijdfbbcnkglcokom\2.0\lsdb.js JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\Users\Dayvolt\Desktop\u1204.exe Win32/UltraReach potentially unsafe application deleted - quarantined
C:\Users\Dayvolt\Desktop\u1301.exe Win32/UltraReach.AF potentially unsafe application deleted - quarantined
 



#14 Rootk


Posted 15 February 2015 - 11:50 AM

How are things running now?

#15 dayvolt


Posted 15 February 2015 - 01:02 PM

Everything seems to be running perfect thank you very much



