
Keep seeing popups/computer significantly slowed


  • This topic is locked
18 replies to this topic

#1 gaiaroadkilik


Posted 11 May 2015 - 09:18 PM

I've had this problem for a few days now, and I can't quite figure out what's causing it. I looked into it, and it looks exactly like the CouponDropDown ads, but none of the fixes listed on this website's self-help seemed to apply. My computer also seems to have increased startup times, and Chrome (the only browser I use) seems to be getting the worst of it. Here are the FRST logs, and hopefully someone can help!
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Jason (administrator) on JASONSTHING on 11-05-2015 20:14:05
Running from C:\Users\Jason\Downloads
Loaded Profiles: Jason (Available profiles: Jason)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Spotify Ltd) C:\Users\Jason\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\Jason\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Jason\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Jason\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Jason\AppData\Roaming\Spotify\Spotify.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\Run: [Spotify Web Helper] => C:\Users\Jason\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-23] (Spotify Ltd)
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\Run: [Spotify] => C:\Users\Jason\AppData\Roaming\Spotify\Spotify.exe [7168568 2015-04-23] (Spotify Ltd)
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\MountPoints2: {947d14b3-b0b7-11e3-82ad-94dbc9968126} - "E:\Autorun.exe" 
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\MountPoints2: {e85368e2-4d5b-11e3-8256-806e6f6e6963} - "D:\launcher.exe" 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-1070527172-730823832-1899421597-1002] => 127.0.0.1:8118
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2014-10-25] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1070527172-730823832-1899421597-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jason\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-14]
CHR Extension: (Google Search) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-14]
CHR Extension: (Bookmark Manager) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-14]
CHR Extension: (Gmail) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-30] (EasyAntiCheat Ltd)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-02] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22128 2012-03-08] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2015-01-06] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2015-01-06] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2015-01-06] (BitDefender)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2015-01-06] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2015-01-06] (BitDefender LLC)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39080 2013-10-13] (Razer Inc)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-11 19:35 - 2015-05-11 19:35 - 00060629 _____ () C:\Users\Jason\Downloads\Addition.txt
2015-05-11 19:34 - 2015-05-11 20:14 - 00013849 _____ () C:\Users\Jason\Downloads\FRST.txt
2015-05-11 19:34 - 2015-05-11 20:14 - 00000000 ____D () C:\FRST
2015-05-11 19:33 - 2015-05-11 19:33 - 02102784 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe
2015-05-11 19:28 - 2015-05-11 19:29 - 00000000 ____D () C:\Users\Jason\BackupTEMP
2015-05-11 19:16 - 2015-05-11 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-05-11 19:16 - 2015-05-11 19:16 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2015-05-11 19:12 - 2015-05-11 19:14 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Jason\Downloads\cbSetup.exe
2015-05-11 17:50 - 2015-05-11 20:15 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1070527172-730823832-1899421597-1002
2015-05-11 17:45 - 2015-05-11 18:48 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-11 17:45 - 2015-05-11 17:45 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-11 17:45 - 2015-05-11 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-11 17:44 - 2015-05-11 17:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-11 17:44 - 2015-05-11 17:44 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Jason\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-11 17:44 - 2015-05-11 17:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-11 17:44 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-11 17:44 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-11 17:44 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-11 17:41 - 2015-05-11 17:43 - 00001616 _____ () C:\Users\Jason\Desktop\Rkill.txt
2015-05-11 17:41 - 2015-05-11 17:41 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Jason\Downloads\rkill.exe
2015-05-11 17:41 - 2015-05-11 17:41 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Jason\Downloads\rkill64.exe
2015-05-11 17:36 - 2015-05-11 17:36 - 02204160 _____ () C:\Users\Jason\Downloads\adwcleaner_4.203.exe
2015-05-11 17:18 - 2015-05-11 17:18 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-05-11 17:12 - 2015-05-11 17:19 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-11 17:11 - 2015-05-11 17:12 - 11024496 _____ (SurfRight B.V.) C:\Users\Jason\Downloads\HitmanPro_x64.exe
2015-05-11 17:08 - 2015-05-11 17:08 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Jason\Downloads\tdsskiller.exe
2015-05-10 22:12 - 2015-05-10 22:12 - 00002904 _____ () C:\Users\Jason\Desktop\JRT.txt
2015-05-10 22:10 - 2015-05-10 22:10 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JASONSTHING-Windows-8.1-(64-bit).dat
2015-05-10 22:10 - 2015-05-10 22:10 - 00000000 ____D () C:\RegBackup
2015-05-10 22:09 - 2015-05-10 22:10 - 02720307 _____ (Thisisu) C:\Users\Jason\Downloads\JRT.exe
2015-05-10 21:53 - 2015-05-11 17:37 - 00000000 ____D () C:\AdwCleaner
2015-05-10 20:46 - 2015-05-10 21:16 - 00003008 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-05-10 20:46 - 2015-05-10 21:16 - 00003008 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-05-10 20:46 - 2015-05-10 20:46 - 00000246 _____ () C:\prefs.js
2015-05-10 20:46 - 2015-05-10 20:46 - 00000000 ____D () C:\searchplugins
2015-05-10 20:42 - 2015-05-11 18:48 - 00002352 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-05-10 20:42 - 2015-05-10 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-05-10 20:42 - 2015-05-10 20:42 - 00000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2015-05-10 20:42 - 2015-01-06 12:47 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2015-05-10 20:42 - 2015-01-06 12:37 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2015-05-10 20:35 - 2015-05-10 20:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-05-10 20:28 - 2015-05-10 20:28 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-05-10 20:24 - 2015-05-10 20:24 - 02057008 _____ () C:\Users\Jason\Downloads\Adaware_Installer.exe
2015-05-10 18:25 - 2015-05-10 20:04 - 00000000 ____D () C:\Users\Jason\Downloads\The Masseuse 8 - 2015 Sweet Sinner Split Scenes
2015-05-10 18:09 - 2015-05-10 18:09 - 00115712 ___SH () C:\Users\Jason\Downloads\Thumbs.db
2015-05-10 17:49 - 2015-05-11 18:19 - 00003264 _____ () C:\Windows\System32\Tasks\IT Viewer Schedualer
2015-05-10 17:49 - 2015-05-10 21:58 - 00000000 ____D () C:\Program Files (x86)\IT Viewer
2015-05-10 17:49 - 2015-05-10 18:19 - 00003272 _____ () C:\Windows\System32\Tasks\Security Software
2015-05-10 17:49 - 2015-05-10 17:49 - 00000000 _____ () C:\Users\Jason\AppData\Roaming\D010.tmp
2015-05-07 10:41 - 2015-05-07 10:41 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts
2015-05-07 10:30 - 2015-05-07 10:30 - 00000000 ____D () C:\Program Files (x86)\LucasArts
2015-04-29 19:35 - 2015-05-07 19:14 - 00000000 ____D () C:\Users\Jason\Documents\Garbage
2015-04-14 19:43 - 2015-03-23 15:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 19:43 - 2015-03-23 15:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 19:43 - 2015-03-23 15:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-14 19:43 - 2015-03-23 15:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 19:43 - 2015-03-23 15:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-14 19:43 - 2015-03-19 22:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-14 19:43 - 2015-03-19 22:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 19:43 - 2015-03-19 22:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 19:43 - 2015-03-19 21:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-14 19:43 - 2015-03-19 20:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-14 19:43 - 2015-03-19 20:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-14 19:43 - 2015-03-19 20:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-14 19:42 - 2015-03-22 16:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 19:42 - 2015-03-22 16:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 19:42 - 2015-03-22 16:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 19:42 - 2015-03-22 16:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 19:42 - 2015-03-22 16:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 19:42 - 2015-03-22 16:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 19:42 - 2015-03-22 16:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 19:42 - 2015-03-14 02:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 19:42 - 2015-03-14 02:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-14 19:42 - 2015-03-14 02:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-14 19:42 - 2015-03-13 19:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 19:42 - 2015-03-13 19:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 19:42 - 2015-03-13 19:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 19:42 - 2015-03-13 19:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 19:42 - 2015-03-13 19:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 19:42 - 2015-03-13 18:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 19:42 - 2015-03-13 18:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 19:42 - 2015-03-13 18:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 19:42 - 2015-03-13 18:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-14 19:42 - 2015-03-13 18:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-14 19:42 - 2015-03-13 18:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 19:42 - 2015-03-13 18:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 19:42 - 2015-03-13 18:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 19:42 - 2015-03-13 18:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 19:42 - 2015-03-13 18:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 19:42 - 2015-03-13 17:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 19:42 - 2015-03-13 17:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 19:42 - 2015-03-12 22:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 19:42 - 2015-03-12 22:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 19:42 - 2015-03-12 22:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 19:42 - 2015-03-12 21:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-14 19:42 - 2015-03-12 21:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 19:42 - 2015-03-12 21:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 19:42 - 2015-03-12 21:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 19:42 - 2015-03-12 21:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 19:42 - 2015-03-12 21:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 19:42 - 2015-03-12 21:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-14 19:42 - 2015-03-12 21:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-14 19:42 - 2015-03-12 21:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 19:42 - 2015-03-12 21:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 19:42 - 2015-03-12 21:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 19:42 - 2015-03-12 20:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-14 19:42 - 2015-03-12 20:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-14 19:42 - 2015-03-12 20:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 19:42 - 2015-03-12 20:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 19:42 - 2015-03-12 20:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 19:42 - 2015-03-12 20:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-14 19:42 - 2015-03-12 20:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 19:42 - 2015-03-12 20:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 19:42 - 2015-03-12 20:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 19:42 - 2015-03-12 20:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 19:42 - 2015-03-12 20:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 19:42 - 2015-03-12 20:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 19:42 - 2015-03-04 04:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-14 19:42 - 2015-03-03 21:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 19:42 - 2015-03-03 20:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 19:42 - 2015-02-24 02:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 19:42 - 2015-02-20 17:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-14 18:52 - 2015-05-11 19:03 - 00000000 ____D () C:\Users\Jason\AppData\Local\Spotify
2015-04-14 18:51 - 2015-05-11 19:03 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Spotify
2015-04-14 18:51 - 2015-04-14 18:51 - 00155296 _____ (Spotify Ltd) C:\Users\Jason\Downloads\SpotifySetup.exe
2015-04-14 18:51 - 2015-04-14 18:51 - 00001862 _____ () C:\Users\Jason\Desktop\Spotify.lnk
2015-04-14 18:51 - 2015-04-14 18:51 - 00001848 _____ () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-11 08:00 - 2015-04-11 08:00 - 29720272 _____ () C:\Users\Jason\Downloads\SWTOR_setup (1).exe
2015-04-11 08:00 - 2015-04-11 08:00 - 00001476 _____ () C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-11 20:10 - 2013-11-14 13:41 - 01943269 _____ () C:\Windows\WindowsUpdate.log
2015-05-11 20:06 - 2013-11-14 13:48 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4B69A622-9FCF-461E-B600-785746FBC620}
2015-05-11 20:00 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-11 19:32 - 2014-06-22 14:27 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8e58704846e9.job
2015-05-11 19:28 - 2013-11-14 13:43 - 00000000 ____D () C:\Users\Jason
2015-05-11 19:27 - 2013-11-14 13:57 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-11 19:27 - 2013-11-14 13:57 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-11 18:48 - 2013-11-14 13:47 - 00000000 __RDO () C:\Users\Jason\SkyDrive
2015-05-11 18:47 - 2014-10-10 20:03 - 00003232 _____ () C:\Windows\System32\Tasks\Run LSI
2015-05-11 18:47 - 2014-10-10 18:38 - 00000000 ____D () C:\Program Files (x86)\LSI
2015-05-11 18:47 - 2013-09-30 13:26 - 00046504 _____ () C:\Windows\PFRO.log
2015-05-11 18:47 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\PLA
2015-05-11 18:47 - 2013-08-22 08:46 - 00041185 _____ () C:\Windows\setupact.log
2015-05-11 18:47 - 2013-08-22 08:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-11 18:46 - 2013-08-22 07:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-05-10 22:02 - 2013-11-11 17:33 - 00001225 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk
2015-05-10 21:38 - 2013-12-15 02:22 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Lavasoft
2015-05-10 21:38 - 2013-11-19 04:06 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-05-10 17:50 - 2013-11-14 13:58 - 00002108 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-10 17:50 - 2013-11-14 13:45 - 00001374 _____ () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-09 19:35 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-07 10:42 - 2013-11-15 18:10 - 00267986 _____ () C:\Windows\DirectX.log
2015-05-06 23:23 - 2013-11-15 05:11 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-04 20:31 - 2015-01-31 21:11 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LSI - LoL Summoner Information
2015-05-04 20:31 - 2015-01-31 21:11 - 00000000 ____D () C:\Users\Jason\AppData\Local\LSI
2015-04-24 09:29 - 2014-02-06 00:59 - 00000000 ____D () C:\Users\Jason\AppData\Local\Battle.net
2015-04-23 23:53 - 2014-02-06 00:59 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-23 21:33 - 2014-04-11 06:07 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2015-04-17 15:34 - 2014-04-15 04:54 - 00000000 ____D () C:\Users\Jason\Documents\My Games
2015-04-16 19:48 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 19:45 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\rescache
2015-04-15 20:36 - 2013-08-22 09:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-14 22:06 - 2014-12-10 01:52 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-14 22:06 - 2014-07-09 13:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-14 20:06 - 2013-11-15 14:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-14 20:02 - 2013-11-15 14:18 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 19:42 - 2014-11-11 14:21 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-04-13 17:24 - 2013-08-22 09:38 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-13 17:24 - 2013-08-22 09:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-11 08:00 - 2015-04-02 22:07 - 00014565 _____ () C:\Users\Jason\Documents\Install STAR WARS The Old Republic.log
 
==================== Files in the root of some directories =======
 
2015-05-10 17:49 - 2015-05-10 17:49 - 0000000 _____ () C:\Users\Jason\AppData\Roaming\D010.tmp
2013-11-15 05:09 - 2013-11-16 02:41 - 0007602 _____ () C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
2015-05-10 20:42 - 2015-05-10 20:42 - 0000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
 
Some content of TEMP:
====================
C:\Users\Jason\AppData\Local\Temp\22DB.tmp.exe
C:\Users\Jason\AppData\Local\Temp\43E2.tmp.exe
C:\Users\Jason\AppData\Local\Temp\468E.tmp.exe
C:\Users\Jason\AppData\Local\Temp\6e44adbd-f870-42ba-843a-6719dfa3740c.exe
C:\Users\Jason\AppData\Local\Temp\AutoRun.exe
C:\Users\Jason\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Jason\AppData\Local\Temp\BRSVC_2161718000_hlp.exe
C:\Users\Jason\AppData\Local\Temp\CD14.tmp.exe
C:\Users\Jason\AppData\Local\Temp\Gw2.exe
C:\Users\Jason\AppData\Local\Temp\Quarantine.exe
C:\Users\Jason\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-01 20:58
 
==================== End Of Log ============================

[attachment=164680:Addition.txt]




#2 Jo*

  • Malware Response Team

Posted 14 May 2015 - 11:49 AM


Hello gaiaroadkilik,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 gaiaroadkilik

  • Topic Starter

Posted 14 May 2015 - 06:03 PM

Here's the first one

 Results of screen317's Security Check version 1.001  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Ad-Aware Antivirus   
Windows Defender     
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
  Adobe Flash Player 11.1.102.55 Flash Player out of Date!  
 Google Chrome (42.0.2311.135) 
 Google Chrome (42.0.2311.90) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.6.306.7947\AdAwareService.exe 
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.6.306.7947\AdAwareTray.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 

As for the Malware Anti-Rootkit, it did not find any malware.

I didn't see the "report" button, but I did see the logfile. I'm not sure if this is the one you want, but here it is. 

# AdwCleaner v4.203 - Logfile created 14/05/2015 at 17:00:09
# Updated 30/04/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Jason - JASONSTHING
# Running from : C:\Users\Jason\Downloads\adwcleaner_4.203 (2).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\prefs.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 127.0.0.1:8118
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v42.0.2311.135


*************************

AdwCleaner[R0].txt - [3101 bytes] - [10/05/2015 21:54:18]
AdwCleaner[R1].txt - [3160 bytes] - [10/05/2015 22:02:01]
AdwCleaner[R2].txt - [966 bytes] - [11/05/2015 17:37:02]
AdwCleaner[R3].txt - [1435 bytes] - [14/05/2015 16:56:10]
AdwCleaner[R4].txt - [1238 bytes] - [14/05/2015 17:00:09]
AdwCleaner[S0].txt - [2927 bytes] - [10/05/2015 22:02:37]
AdwCleaner[S1].txt - [1031 bytes] - [11/05/2015 17:37:38]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1415 bytes] ##########


 


#4 Jo*

  • Malware Response Team

Posted 15 May 2015 - 02:47 AM

Hello gaiaroadkilik,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.

***


How is the computer running now?




#5 gaiaroadkilik

  • Topic Starter

Posted 15 May 2015 - 11:44 AM

Here's the Adwcleaner logs after the cleaning

# AdwCleaner v4.204 - Logfile created 15/05/2015 at 10:32:47
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Jason - JASONSTHING
# Running from : C:\Users\Jason\Downloads\adwcleaner_4.204.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\prefs.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 127.0.0.1:8118

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v42.0.2311.152


*************************

AdwCleaner[R0].txt - [3101 bytes] - [10/05/2015 21:54:18]
AdwCleaner[R1].txt - [3160 bytes] - [10/05/2015 22:02:01]
AdwCleaner[R2].txt - [966 bytes] - [11/05/2015 17:37:02]
AdwCleaner[R3].txt - [1435 bytes] - [14/05/2015 16:56:10]
AdwCleaner[R4].txt - [1494 bytes] - [14/05/2015 17:00:09]
AdwCleaner[R5].txt - [1549 bytes] - [15/05/2015 10:31:59]
AdwCleaner[S0].txt - [2927 bytes] - [10/05/2015 22:02:37]
AdwCleaner[S1].txt - [1031 bytes] - [11/05/2015 17:37:38]
AdwCleaner[S2].txt - [1270 bytes] - [15/05/2015 10:32:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1329  bytes] ##########

Here's the Junkware logs

# AdwCleaner v4.204 - Logfile created 15/05/2015 at 10:32:47
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Jason - JASONSTHING
# Running from : C:\Users\Jason\Downloads\adwcleaner_4.204.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\prefs.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 127.0.0.1:8118

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v42.0.2311.152


*************************

AdwCleaner[R0].txt - [3101 bytes] - [10/05/2015 21:54:18]
AdwCleaner[R1].txt - [3160 bytes] - [10/05/2015 22:02:01]
AdwCleaner[R2].txt - [966 bytes] - [11/05/2015 17:37:02]
AdwCleaner[R3].txt - [1435 bytes] - [14/05/2015 16:56:10]
AdwCleaner[R4].txt - [1494 bytes] - [14/05/2015 17:00:09]
AdwCleaner[R5].txt - [1549 bytes] - [15/05/2015 10:31:59]
AdwCleaner[S0].txt - [2927 bytes] - [10/05/2015 22:02:37]
AdwCleaner[S1].txt - [1031 bytes] - [11/05/2015 17:37:38]
AdwCleaner[S2].txt - [1270 bytes] - [15/05/2015 10:32:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1329 bytes] ##########

Here's the Farbar scan
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 02
Ran by Jason (administrator) on JASONSTHING on 15-05-2015 10:42:27
Running from C:\Users\Jason\Downloads
Loaded Profiles: Jason (Available profiles: Jason)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\Run: [Spotify Web Helper] => C:\Users\Jason\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-12] (Spotify Ltd)
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\Run: [Spotify] => C:\Users\Jason\AppData\Roaming\Spotify\Spotify.exe [7320120 2015-05-12] (Spotify Ltd)
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\MountPoints2: {947d14b3-b0b7-11e3-82ad-94dbc9968126} - "E:\Autorun.exe" 
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\MountPoints2: {e85368e2-4d5b-11e3-8256-806e6f6e6963} - "D:\launcher.exe" 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2014-10-25] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1070527172-730823832-1899421597-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jason\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-14]
CHR Extension: (Google Search) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-14]
CHR Extension: (Bookmark Manager) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-14]
CHR Extension: (Gmail) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-30] (EasyAntiCheat Ltd)
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-02] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22128 2012-03-08] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2015-01-06] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2015-01-06] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2015-01-06] (BitDefender)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2015-01-06] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2015-01-06] (BitDefender LLC)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39080 2013-10-13] (Razer Inc)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-15 10:42 - 2015-05-15 10:42 - 00000000 ____D () C:\Users\Jason\Downloads\FRST-OlderVersion
2015-05-15 10:38 - 2015-05-15 10:38 - 00001049 _____ () C:\Users\Jason\Desktop\JRT.txt
2015-05-15 10:36 - 2015-05-15 10:36 - 02721175 _____ (Thisisu) C:\Users\Jason\Downloads\JRT (1).exe
2015-05-15 10:31 - 2015-05-15 10:31 - 02209792 _____ () C:\Users\Jason\Downloads\adwcleaner_4.204.exe
2015-05-14 16:59 - 2015-05-14 16:59 - 02204160 _____ () C:\Users\Jason\Downloads\adwcleaner_4.203 (2).exe
2015-05-14 16:55 - 2015-05-14 16:55 - 02204160 _____ () C:\Users\Jason\Downloads\adwcleaner_4.203 (1).exe
2015-05-14 16:37 - 2015-05-14 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-14 16:35 - 2015-05-14 16:53 - 00000000 ____D () C:\Users\Jason\Desktop\mbar
2015-05-14 16:35 - 2015-05-14 16:35 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Jason\Downloads\mbar-1.09.1.1004.exe
2015-05-14 16:32 - 2015-05-14 16:32 - 00852630 _____ () C:\Users\Jason\Downloads\SecurityCheck.exe
2015-05-12 18:40 - 2015-04-30 14:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 18:40 - 2015-04-30 14:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 17:22 - 2015-04-30 17:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 17:22 - 2015-04-30 16:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 17:22 - 2015-04-24 15:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 17:22 - 2015-04-13 16:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 17:22 - 2015-04-09 19:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 17:22 - 2015-04-09 18:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 17:22 - 2015-04-09 18:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-12 17:22 - 2015-04-09 18:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 17:22 - 2015-04-09 18:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-12 17:22 - 2015-04-08 16:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 17:22 - 2015-04-02 18:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-12 17:22 - 2015-04-02 18:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-12 17:22 - 2015-04-01 16:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-12 17:22 - 2015-04-01 16:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-12 17:22 - 2015-03-31 21:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-12 17:22 - 2015-03-31 20:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-12 17:22 - 2015-03-29 23:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-12 17:22 - 2015-03-26 21:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 17:22 - 2015-03-26 20:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 17:22 - 2015-03-26 20:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 17:22 - 2015-03-19 19:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-12 17:22 - 2015-03-17 11:26 - 00467776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-12 17:22 - 2015-03-12 22:03 - 00239424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-12 17:22 - 2015-03-12 22:03 - 00154432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-12 17:22 - 2015-03-12 20:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-12 17:22 - 2015-03-12 19:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-12 17:22 - 2015-03-12 18:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-12 17:22 - 2015-03-12 18:29 - 00410017 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-12 17:22 - 2015-03-10 19:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 17:22 - 2015-03-10 19:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 17:22 - 2015-03-08 20:02 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-12 17:22 - 2015-03-05 21:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 17:22 - 2015-03-05 20:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-12 17:22 - 2015-03-05 20:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 17:22 - 2015-03-04 17:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 17:22 - 2015-03-03 19:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-12 17:22 - 2015-03-03 19:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-12 17:22 - 2015-02-17 17:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-12 17:22 - 2015-01-29 18:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-12 17:22 - 2014-11-14 00:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-05-12 17:21 - 2015-04-21 11:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 17:21 - 2015-04-21 10:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 17:21 - 2015-04-21 10:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 17:21 - 2015-04-21 10:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 17:21 - 2015-04-21 10:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 17:21 - 2015-04-21 10:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 17:21 - 2015-04-21 10:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 17:21 - 2015-04-21 10:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 17:21 - 2015-04-21 10:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-12 17:21 - 2015-04-21 10:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 17:21 - 2015-04-21 10:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 17:21 - 2015-04-21 10:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 17:21 - 2015-04-21 10:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-12 17:21 - 2015-04-21 10:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 17:21 - 2015-04-21 10:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 17:21 - 2015-04-21 09:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-12 17:21 - 2015-04-21 09:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 17:21 - 2015-04-21 09:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-12 17:21 - 2015-04-21 09:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 17:21 - 2015-04-21 09:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 17:21 - 2015-04-21 09:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 17:21 - 2015-04-21 09:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 17:21 - 2015-04-21 09:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 17:21 - 2015-04-21 09:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 17:21 - 2015-04-21 09:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-12 17:21 - 2015-04-21 09:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 17:21 - 2015-04-21 09:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-12 17:21 - 2015-04-21 09:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 17:21 - 2015-04-21 09:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-12 17:21 - 2015-04-21 09:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 17:21 - 2015-04-21 09:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 17:21 - 2015-04-21 09:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 17:21 - 2015-04-21 09:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 17:21 - 2015-04-21 09:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 17:21 - 2015-04-21 09:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 17:21 - 2015-04-21 09:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 17:21 - 2015-04-21 09:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 17:21 - 2015-04-21 08:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 17:21 - 2015-04-21 08:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-11 19:35 - 2015-05-11 20:15 - 00060510 _____ () C:\Users\Jason\Downloads\Addition.txt
2015-05-11 19:34 - 2015-05-15 10:42 - 00011814 _____ () C:\Users\Jason\Downloads\FRST.txt
2015-05-11 19:34 - 2015-05-15 10:42 - 00000000 ____D () C:\FRST
2015-05-11 19:33 - 2015-05-15 10:42 - 02106368 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe
2015-05-11 19:28 - 2015-05-11 20:19 - 00000000 ____D () C:\Users\Jason\BackupTEMP
2015-05-11 19:16 - 2015-05-11 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-05-11 19:16 - 2015-05-11 19:16 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2015-05-11 19:12 - 2015-05-11 19:14 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Jason\Downloads\cbSetup.exe
2015-05-11 17:45 - 2015-05-15 10:34 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-11 17:45 - 2015-05-11 17:45 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-11 17:45 - 2015-05-11 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-11 17:44 - 2015-05-14 16:35 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-11 17:44 - 2015-05-11 17:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-11 17:44 - 2015-05-11 17:44 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Jason\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-11 17:44 - 2015-05-11 17:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-11 17:44 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-11 17:44 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-11 17:41 - 2015-05-11 17:43 - 00001616 _____ () C:\Users\Jason\Desktop\Rkill.txt
2015-05-11 17:41 - 2015-05-11 17:41 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Jason\Downloads\rkill.exe
2015-05-11 17:41 - 2015-05-11 17:41 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Jason\Downloads\rkill64.exe
2015-05-11 17:36 - 2015-05-11 17:36 - 02204160 _____ () C:\Users\Jason\Downloads\adwcleaner_4.203.exe
2015-05-11 17:18 - 2015-05-11 17:18 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-05-11 17:12 - 2015-05-11 17:19 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-11 17:11 - 2015-05-11 17:12 - 11024496 _____ (SurfRight B.V.) C:\Users\Jason\Downloads\HitmanPro_x64.exe
2015-05-11 17:08 - 2015-05-11 17:08 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Jason\Downloads\tdsskiller.exe
2015-05-10 22:10 - 2015-05-10 22:10 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JASONSTHING-Windows-8.1-(64-bit).dat
2015-05-10 22:10 - 2015-05-10 22:10 - 00000000 ____D () C:\RegBackup
2015-05-10 22:09 - 2015-05-10 22:10 - 02720307 _____ (Thisisu) C:\Users\Jason\Downloads\JRT.exe
2015-05-10 21:53 - 2015-05-15 10:32 - 00000000 ____D () C:\AdwCleaner
2015-05-10 20:46 - 2015-05-10 21:16 - 00003008 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-05-10 20:46 - 2015-05-10 21:16 - 00003008 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-05-10 20:46 - 2015-05-10 20:46 - 00000000 ____D () C:\searchplugins
2015-05-10 20:42 - 2015-05-15 10:34 - 00002352 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-05-10 20:42 - 2015-05-10 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-05-10 20:42 - 2015-05-10 20:42 - 00000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2015-05-10 20:42 - 2015-01-06 12:47 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2015-05-10 20:42 - 2015-01-06 12:37 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2015-05-10 20:35 - 2015-05-10 20:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-05-10 20:28 - 2015-05-10 20:28 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-05-10 20:24 - 2015-05-10 20:24 - 02057008 _____ () C:\Users\Jason\Downloads\Adaware_Installer.exe
2015-05-10 18:25 - 2015-05-10 20:04 - 00000000 ____D () C:\Users\Jason\Downloads\The Masseuse 8 - 2015 Sweet Sinner Split Scenes
2015-05-10 18:09 - 2015-05-10 18:09 - 00115712 ___SH () C:\Users\Jason\Downloads\Thumbs.db
2015-05-10 17:49 - 2015-05-14 18:20 - 00003264 _____ () C:\Windows\System32\Tasks\IT Viewer Schedualer
2015-05-10 17:49 - 2015-05-10 21:58 - 00000000 ____D () C:\Program Files (x86)\IT Viewer
2015-05-10 17:49 - 2015-05-10 18:19 - 00003272 _____ () C:\Windows\System32\Tasks\Security Software
2015-05-10 17:49 - 2015-05-10 17:49 - 00000000 _____ () C:\Users\Jason\AppData\Roaming\D010.tmp
2015-05-07 10:41 - 2015-05-07 10:41 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts
2015-05-07 10:30 - 2015-05-07 10:30 - 00000000 ____D () C:\Program Files (x86)\LucasArts
2015-04-29 19:35 - 2015-05-07 19:14 - 00000000 ____D () C:\Users\Jason\Documents\Garbage
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-15 10:42 - 2015-04-14 18:52 - 00000000 ____D () C:\Users\Jason\AppData\Local\Spotify
2015-05-15 10:42 - 2015-04-14 18:51 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Spotify
2015-05-15 10:39 - 2013-11-14 13:47 - 00000000 __RDO () C:\Users\Jason\SkyDrive
2015-05-15 10:37 - 2013-11-14 13:48 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4B69A622-9FCF-461E-B600-785746FBC620}
2015-05-15 10:34 - 2014-10-10 20:03 - 00003232 _____ () C:\Windows\System32\Tasks\Run LSI
2015-05-15 10:34 - 2014-10-10 18:38 - 00000000 ____D () C:\Program Files (x86)\LSI
2015-05-15 10:34 - 2013-11-14 13:57 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-15 10:33 - 2013-08-22 08:46 - 00041881 _____ () C:\Windows\setupact.log
2015-05-15 10:33 - 2013-08-22 08:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-15 10:33 - 2013-08-22 07:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-05-15 10:32 - 2014-06-22 14:27 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8e58704846e9.job
2015-05-15 10:32 - 2013-11-14 13:41 - 01668418 _____ () C:\Windows\WindowsUpdate.log
2015-05-15 10:28 - 2013-11-14 13:58 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-15 10:28 - 2013-11-14 13:57 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-15 10:13 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-14 16:36 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-13 12:04 - 2013-11-24 04:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 12:04 - 2013-11-24 04:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 12:04 - 2013-09-30 13:26 - 00046854 _____ () C:\Windows\PFRO.log
2015-05-13 12:04 - 2013-08-22 08:44 - 00360288 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-12 22:55 - 2013-08-22 09:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-12 22:55 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-12 18:41 - 2013-08-22 09:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-12 18:40 - 2013-11-15 14:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-12 18:36 - 2013-11-15 14:18 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-12 18:35 - 2013-11-24 04:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 18:34 - 2013-08-22 13:11 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-11 19:28 - 2013-11-14 13:43 - 00000000 ____D () C:\Users\Jason
2015-05-11 18:47 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\PLA
2015-05-10 22:02 - 2013-11-11 17:33 - 00001225 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk
2015-05-10 21:38 - 2013-12-15 02:22 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Lavasoft
2015-05-10 21:38 - 2013-11-19 04:06 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-05-10 17:50 - 2013-11-14 13:45 - 00001374 _____ () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-07 10:42 - 2013-11-15 18:10 - 00267986 _____ () C:\Windows\DirectX.log
2015-05-06 23:23 - 2013-11-15 05:11 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-05 11:59 - 2013-08-22 09:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 11:59 - 2013-08-22 09:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-04 20:31 - 2015-01-31 21:11 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LSI - LoL Summoner Information
2015-05-04 20:31 - 2015-01-31 21:11 - 00000000 ____D () C:\Users\Jason\AppData\Local\LSI
2015-04-24 09:29 - 2014-02-06 00:59 - 00000000 ____D () C:\Users\Jason\AppData\Local\Battle.net
2015-04-23 23:53 - 2014-02-06 00:59 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-23 21:33 - 2014-04-11 06:07 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2015-04-17 15:34 - 2014-04-15 04:54 - 00000000 ____D () C:\Users\Jason\Documents\My Games
2015-04-16 19:48 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 19:45 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\rescache
 
==================== Files in the root of some directories =======
 
2015-05-10 17:49 - 2015-05-10 17:49 - 0000000 _____ () C:\Users\Jason\AppData\Roaming\D010.tmp
2013-11-15 05:09 - 2013-11-16 02:41 - 0007602 _____ () C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
2015-05-10 20:42 - 2015-05-10 20:42 - 0000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
 
Some content of TEMP:
====================
C:\Users\Jason\AppData\Local\Temp\22DB.tmp.exe
C:\Users\Jason\AppData\Local\Temp\43E2.tmp.exe
C:\Users\Jason\AppData\Local\Temp\468E.tmp.exe
C:\Users\Jason\AppData\Local\Temp\6e44adbd-f870-42ba-843a-6719dfa3740c.exe
C:\Users\Jason\AppData\Local\Temp\AutoRun.exe
C:\Users\Jason\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Jason\AppData\Local\Temp\BRSVC_2161718000_hlp.exe
C:\Users\Jason\AppData\Local\Temp\CD14.tmp.exe
C:\Users\Jason\AppData\Local\Temp\Gw2.exe
C:\Users\Jason\AppData\Local\Temp\Quarantine.exe
C:\Users\Jason\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-13 14:20
 
==================== End Of Log ============================

As for the computer, I'm still getting the same general problems. The popups are still all on random words, and performance still isn't great.


#6 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:41 PM

Posted 15 May 2015 - 12:19 PM

Hi,

turn off all computers, iPhones, ...
then unplug the power cable from the router,
then unplug the power cable from the (Cable) modem

...leave it OFF for about 5 minutes.

Then with the computers still off,
plug back in the Cable modem power cable.

...when all the lights come on:
then plug in the router,

when all the lights come back on:
then start all computers:

Now check if your problem still exists.
Post results here!
 

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 gaiaroadkilik

gaiaroadkilik
  • Topic Starter

  • Members
  • 12 posts
  • Local time:10:41 AM

Posted 16 May 2015 - 05:35 PM

Nope, still having the same problems.



#8 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:41 PM

Posted 17 May 2015 - 02:08 AM

Hello gaiaroadkilik,
 

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
start
EmptyTemp:
Hosts:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
C:\Windows\System32\AppleChargerSrv.exe
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.


***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***




#9 gaiaroadkilik

gaiaroadkilik
  • Topic Starter

  • Members
  • 12 posts
  • Local time:10:41 AM

Posted 17 May 2015 - 06:18 PM

Here's the text
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by Jason (administrator) on JASONSTHING on 17-05-2015 17:13:00
Running from C:\Users\Jason\Downloads\FRST-OlderVersion
Loaded Profiles: Jason (Available profiles: Jason)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Aequus Gaming) C:\Program Files (x86)\LSI\LoLSummonerInfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Aequus Gaming) C:\Program Files (x86)\LSI\LoLSummonerInfo.exe
(Aequus Gaming) C:\Program Files (x86)\LSI\LoLSummonerInfo.exe
(Aequus Gaming) C:\Program Files (x86)\LSI\LoLSummonerInfo.exe
(Aequus Gaming) C:\Program Files (x86)\LSI\LoLSummonerInfo.exe
(Aequus Gaming) C:\Program Files (x86)\LSI\LoLSummonerInfo.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Spotify Ltd) C:\Users\Jason\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Spotify Ltd) C:\Users\Jason\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Jason\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Jason\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Jason\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\Run: [Spotify Web Helper] => C:\Users\Jason\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-12] (Spotify Ltd)
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\Run: [Spotify] => C:\Users\Jason\AppData\Roaming\Spotify\Spotify.exe [7320120 2015-05-12] (Spotify Ltd)
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\MountPoints2: {947d14b3-b0b7-11e3-82ad-94dbc9968126} - "E:\Autorun.exe" 
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\MountPoints2: {e85368e2-4d5b-11e3-8256-806e6f6e6963} - "D:\launcher.exe" 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-1070527172-730823832-1899421597-1002] => 127.0.0.1:8118
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2014-10-25] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1070527172-730823832-1899421597-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jason\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Jason\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (YouTube) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-14]
CHR Extension: (Google Search) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-14]
CHR Extension: (Bookmark Manager) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-14]
CHR Extension: (Gmail) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-30] (EasyAntiCheat Ltd)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-02] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22128 2012-03-08] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2015-01-06] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2015-01-06] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2015-01-06] (BitDefender)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2015-01-06] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2015-01-06] (BitDefender LLC)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39080 2013-10-13] (Razer Inc)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-17 17:02 - 2015-05-17 17:02 - 00000618 _____ () C:\Users\Jason\Desktop\fixlist.txt
2015-05-15 18:25 - 2015-05-17 17:12 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1070527172-730823832-1899421597-1002
2015-05-15 10:42 - 2015-05-17 17:13 - 00000000 ____D () C:\Users\Jason\Downloads\FRST-OlderVersion
2015-05-15 10:38 - 2015-05-15 10:38 - 00001049 _____ () C:\Users\Jason\Desktop\JRT.txt
2015-05-15 10:36 - 2015-05-15 10:36 - 02721175 _____ (Thisisu) C:\Users\Jason\Downloads\JRT (1).exe
2015-05-15 10:31 - 2015-05-15 10:31 - 02209792 _____ () C:\Users\Jason\Downloads\adwcleaner_4.204.exe
2015-05-14 16:59 - 2015-05-14 16:59 - 02204160 _____ () C:\Users\Jason\Downloads\adwcleaner_4.203 (2).exe
2015-05-14 16:55 - 2015-05-14 16:55 - 02204160 _____ () C:\Users\Jason\Downloads\adwcleaner_4.203 (1).exe
2015-05-14 16:37 - 2015-05-14 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-14 16:35 - 2015-05-14 16:53 - 00000000 ____D () C:\Users\Jason\Desktop\mbar
2015-05-14 16:35 - 2015-05-14 16:35 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Jason\Downloads\mbar-1.09.1.1004.exe
2015-05-14 16:32 - 2015-05-14 16:32 - 00852630 _____ () C:\Users\Jason\Downloads\SecurityCheck.exe
2015-05-12 18:40 - 2015-04-30 14:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 18:40 - 2015-04-30 14:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 17:22 - 2015-04-30 17:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 17:22 - 2015-04-30 16:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 17:22 - 2015-04-24 15:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 17:22 - 2015-04-13 16:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 17:22 - 2015-04-09 19:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 17:22 - 2015-04-09 18:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 17:22 - 2015-04-09 18:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-12 17:22 - 2015-04-09 18:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 17:22 - 2015-04-09 18:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-12 17:22 - 2015-04-08 16:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 17:22 - 2015-04-02 18:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-12 17:22 - 2015-04-02 18:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-12 17:22 - 2015-04-01 16:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-12 17:22 - 2015-04-01 16:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-12 17:22 - 2015-03-31 21:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-12 17:22 - 2015-03-31 20:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-12 17:22 - 2015-03-29 23:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-12 17:22 - 2015-03-26 21:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 17:22 - 2015-03-26 20:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 17:22 - 2015-03-26 20:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 17:22 - 2015-03-19 19:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-12 17:22 - 2015-03-17 11:26 - 00467776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-12 17:22 - 2015-03-12 22:03 - 00239424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-12 17:22 - 2015-03-12 22:03 - 00154432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-12 17:22 - 2015-03-12 20:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-12 17:22 - 2015-03-12 19:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-12 17:22 - 2015-03-12 18:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-12 17:22 - 2015-03-12 18:29 - 00410017 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-12 17:22 - 2015-03-10 19:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 17:22 - 2015-03-10 19:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 17:22 - 2015-03-08 20:02 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-12 17:22 - 2015-03-05 21:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 17:22 - 2015-03-05 20:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-12 17:22 - 2015-03-05 20:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 17:22 - 2015-03-04 17:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 17:22 - 2015-03-03 19:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-12 17:22 - 2015-03-03 19:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-12 17:22 - 2015-02-17 17:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-12 17:22 - 2015-01-29 18:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-12 17:22 - 2014-11-14 00:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-05-12 17:21 - 2015-04-21 11:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 17:21 - 2015-04-21 10:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 17:21 - 2015-04-21 10:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 17:21 - 2015-04-21 10:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 17:21 - 2015-04-21 10:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 17:21 - 2015-04-21 10:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 17:21 - 2015-04-21 10:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 17:21 - 2015-04-21 10:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 17:21 - 2015-04-21 10:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-12 17:21 - 2015-04-21 10:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 17:21 - 2015-04-21 10:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 17:21 - 2015-04-21 10:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 17:21 - 2015-04-21 10:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-12 17:21 - 2015-04-21 10:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 17:21 - 2015-04-21 10:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 17:21 - 2015-04-21 09:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-12 17:21 - 2015-04-21 09:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 17:21 - 2015-04-21 09:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-12 17:21 - 2015-04-21 09:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 17:21 - 2015-04-21 09:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 17:21 - 2015-04-21 09:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 17:21 - 2015-04-21 09:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 17:21 - 2015-04-21 09:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 17:21 - 2015-04-21 09:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 17:21 - 2015-04-21 09:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-12 17:21 - 2015-04-21 09:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 17:21 - 2015-04-21 09:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-12 17:21 - 2015-04-21 09:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 17:21 - 2015-04-21 09:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-12 17:21 - 2015-04-21 09:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 17:21 - 2015-04-21 09:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 17:21 - 2015-04-21 09:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 17:21 - 2015-04-21 09:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 17:21 - 2015-04-21 09:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 17:21 - 2015-04-21 09:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 17:21 - 2015-04-21 09:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 17:21 - 2015-04-21 09:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 17:21 - 2015-04-21 08:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 17:21 - 2015-04-21 08:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-11 19:35 - 2015-05-11 20:15 - 00060510 _____ () C:\Users\Jason\Downloads\Addition.txt
2015-05-11 19:34 - 2015-05-17 17:13 - 00000000 ____D () C:\FRST
2015-05-11 19:34 - 2015-05-15 10:43 - 00034298 _____ () C:\Users\Jason\Downloads\FRST.txt
2015-05-11 19:33 - 2015-05-15 10:42 - 02106368 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe
2015-05-11 19:28 - 2015-05-11 20:19 - 00000000 ____D () C:\Users\Jason\BackupTEMP
2015-05-11 19:16 - 2015-05-11 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-05-11 19:16 - 2015-05-11 19:16 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2015-05-11 19:12 - 2015-05-11 19:14 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Jason\Downloads\cbSetup.exe
2015-05-11 17:45 - 2015-05-17 17:07 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-11 17:45 - 2015-05-11 17:45 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-11 17:45 - 2015-05-11 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-11 17:44 - 2015-05-14 16:35 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-11 17:44 - 2015-05-11 17:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-11 17:44 - 2015-05-11 17:44 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Jason\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-11 17:44 - 2015-05-11 17:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-11 17:44 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-11 17:44 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-11 17:41 - 2015-05-11 17:43 - 00001616 _____ () C:\Users\Jason\Desktop\Rkill.txt
2015-05-11 17:41 - 2015-05-11 17:41 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Jason\Downloads\rkill.exe
2015-05-11 17:41 - 2015-05-11 17:41 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Jason\Downloads\rkill64.exe
2015-05-11 17:36 - 2015-05-11 17:36 - 02204160 _____ () C:\Users\Jason\Downloads\adwcleaner_4.203.exe
2015-05-11 17:18 - 2015-05-11 17:18 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-05-11 17:12 - 2015-05-11 17:19 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-11 17:11 - 2015-05-11 17:12 - 11024496 _____ (SurfRight B.V.) C:\Users\Jason\Downloads\HitmanPro_x64.exe
2015-05-11 17:08 - 2015-05-11 17:08 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Jason\Downloads\tdsskiller.exe
2015-05-10 22:10 - 2015-05-10 22:10 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JASONSTHING-Windows-8.1-(64-bit).dat
2015-05-10 22:10 - 2015-05-10 22:10 - 00000000 ____D () C:\RegBackup
2015-05-10 22:09 - 2015-05-10 22:10 - 02720307 _____ (Thisisu) C:\Users\Jason\Downloads\JRT.exe
2015-05-10 21:53 - 2015-05-15 10:32 - 00000000 ____D () C:\AdwCleaner
2015-05-10 20:46 - 2015-05-10 21:16 - 00003008 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-05-10 20:46 - 2015-05-10 21:16 - 00003008 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-05-10 20:46 - 2015-05-10 20:46 - 00000000 ____D () C:\searchplugins
2015-05-10 20:42 - 2015-05-17 17:07 - 00002352 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-05-10 20:42 - 2015-05-10 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-05-10 20:42 - 2015-05-10 20:42 - 00000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2015-05-10 20:42 - 2015-01-06 12:47 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2015-05-10 20:42 - 2015-01-06 12:37 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2015-05-10 20:35 - 2015-05-10 20:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-05-10 20:28 - 2015-05-10 20:28 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-05-10 20:24 - 2015-05-10 20:24 - 02057008 _____ () C:\Users\Jason\Downloads\Adaware_Installer.exe
2015-05-10 18:09 - 2015-05-10 18:09 - 00115712 ___SH () C:\Users\Jason\Downloads\Thumbs.db
2015-05-10 17:49 - 2015-05-16 18:20 - 00003264 _____ () C:\Windows\System32\Tasks\IT Viewer Schedualer
2015-05-10 17:49 - 2015-05-10 21:58 - 00000000 ____D () C:\Program Files (x86)\IT Viewer
2015-05-10 17:49 - 2015-05-10 18:19 - 00003272 _____ () C:\Windows\System32\Tasks\Security Software
2015-05-10 17:49 - 2015-05-10 17:49 - 00000000 _____ () C:\Users\Jason\AppData\Roaming\D010.tmp
2015-05-07 10:41 - 2015-05-07 10:41 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts
2015-05-07 10:30 - 2015-05-07 10:30 - 00000000 ____D () C:\Program Files (x86)\LucasArts
2015-04-29 19:35 - 2015-05-07 19:14 - 00000000 ____D () C:\Users\Jason\Documents\Garbage
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-17 17:09 - 2015-04-14 18:52 - 00000000 ____D () C:\Users\Jason\AppData\Local\Spotify
2015-05-17 17:09 - 2015-04-14 18:51 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Spotify
2015-05-17 17:09 - 2013-11-14 13:41 - 01327944 _____ () C:\Windows\WindowsUpdate.log
2015-05-17 17:07 - 2014-10-10 20:03 - 00003232 _____ () C:\Windows\System32\Tasks\Run LSI
2015-05-17 17:07 - 2013-11-14 13:47 - 00000000 __RDO () C:\Users\Jason\SkyDrive
2015-05-17 17:06 - 2014-10-10 18:38 - 00000000 ____D () C:\Program Files (x86)\LSI
2015-05-17 17:06 - 2013-11-14 13:57 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-17 17:06 - 2013-09-30 13:26 - 00048286 _____ () C:\Windows\PFRO.log
2015-05-17 17:06 - 2013-08-22 09:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-17 17:06 - 2013-08-22 08:46 - 00041997 _____ () C:\Windows\setupact.log
2015-05-17 17:06 - 2013-08-22 08:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-17 17:05 - 2013-08-22 07:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-05-17 17:02 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-17 17:01 - 2013-11-14 13:48 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4B69A622-9FCF-461E-B600-785746FBC620}
2015-05-17 16:42 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-16 23:32 - 2014-06-22 14:27 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8e58704846e9.job
2015-05-16 23:27 - 2013-11-14 13:57 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-16 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\rescache
2015-05-15 18:20 - 2013-11-14 13:58 - 00002228 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-13 12:04 - 2013-11-24 04:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 12:04 - 2013-11-24 04:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 12:04 - 2013-08-22 08:44 - 00360288 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-12 22:55 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-12 18:41 - 2013-08-22 09:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-12 18:40 - 2013-11-15 14:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-12 18:36 - 2013-11-15 14:18 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-12 18:35 - 2013-11-24 04:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 18:34 - 2013-08-22 13:11 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-11 19:28 - 2013-11-14 13:43 - 00000000 ____D () C:\Users\Jason
2015-05-11 18:47 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\PLA
2015-05-10 22:02 - 2013-11-11 17:33 - 00001225 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk
2015-05-10 21:38 - 2013-12-15 02:22 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Lavasoft
2015-05-10 21:38 - 2013-11-19 04:06 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-05-10 17:50 - 2013-11-14 13:45 - 00001374 _____ () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-07 10:42 - 2013-11-15 18:10 - 00267986 _____ () C:\Windows\DirectX.log
2015-05-06 23:23 - 2013-11-15 05:11 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-05 11:59 - 2013-08-22 09:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 11:59 - 2013-08-22 09:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-04 20:31 - 2015-01-31 21:11 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LSI - LoL Summoner Information
2015-05-04 20:31 - 2015-01-31 21:11 - 00000000 ____D () C:\Users\Jason\AppData\Local\LSI
2015-04-24 09:29 - 2014-02-06 00:59 - 00000000 ____D () C:\Users\Jason\AppData\Local\Battle.net
2015-04-23 23:53 - 2014-02-06 00:59 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-23 21:33 - 2014-04-11 06:07 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2015-04-17 15:34 - 2014-04-15 04:54 - 00000000 ____D () C:\Users\Jason\Documents\My Games
 
==================== Files in the root of some directories =======
 
2015-05-10 17:49 - 2015-05-10 17:49 - 0000000 _____ () C:\Users\Jason\AppData\Roaming\D010.tmp
2013-11-15 05:09 - 2013-11-16 02:41 - 0007602 _____ () C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
2015-05-10 20:42 - 2015-05-10 20:42 - 0000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-13 14:20
 
==================== End Of Log ============================

Here's the addition, if you want that.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
Ran by Jason at 2015-05-17 17:14:01
Running from C:\Users\Jason\Downloads\FRST-OlderVersion
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1070527172-730823832-1899421597-500 - Administrator - Disabled)
Guest (S-1-5-21-1070527172-730823832-1899421597-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1070527172-730823832-1899421597-1004 - Limited - Enabled)
Jason (S-1-5-21-1070527172-730823832-1899421597-1002 - Administrator - Enabled) => C:\Users\Jason
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{13351E83-6DCD-4E97-2A8C-5D496259A47F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blade Symphony (HKLM-x32\...\Steam App 225600) (Version:  - Puny Human)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Dead State (HKLM-x32\...\Steam App 239840) (Version:  - DoubleBear Productions)
Dota 2 Test (HKLM-x32\...\Steam App 205790) (Version:  - )
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - Trendy Entertainment)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
FINAL FANTASY VIII (HKLM-x32\...\Steam App 39150) (Version:  - SQUARE ENIX)
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LSI - LoL Summoner Information (HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\{62B332E9-239D-4692-BDE2-0CC1CF2833DA}_is1) (Version: v4.7.3 - Aequus Gaming Ltd.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
ON_OFF Charge B12.0308.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PyScripter 2.5.3 (HKLM-x32\...\PyScripter_is1) (Version: 2.5.3 - PyScripter)
Python 3.3.3 (HKLM-x32\...\{39b6eb84-331c-3657-ad2e-837537ddf04f}) (Version: 3.3.3150 - Python Software Foundation)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version:  - Frontier)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Spotify (HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\Spotify) (Version: 1.0.5.178.g885b099b - Spotify AB)
Star Wars Knights of the Old Republic (HKLM-x32\...\Star Wars Knights of the Old Republic) (Version: 1.3.0.0 - LucasArts)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
T3A:Online for BFME2 (HKLM-x32\...\{A60D4C53-A632-40C8-A583-DC632EC9A926}) (Version: 1.5.0 - The3rdAge.net)
The Battle for Middle-earth ™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
This War of Mine (HKLM-x32\...\Steam App 282070) (Version:  - 11 bit studios)
To the Moon (HKLM-x32\...\Steam App 206440) (Version:  - Freebird Games)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Unity Web Player (HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version:  - Relic Entertainment)
WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
ZipDownloader (HKLM-x32\...\ZipDownloader) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
30-04-2015 17:41:05 Windows Update
07-05-2015 10:41:43 Installed DirectX
10-05-2015 20:24:54 AA11
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2015-05-17 17:04 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0531B693-1FC4-4CEE-A210-A6AD97D643FA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {15DC76B5-5B77-468A-90C8-13347F4933FE} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8e586d8d896f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {17B48E5E-A70C-45E9-9B68-5CD2872C59C0} - System32\Tasks\{95470977-C0E5-49C2-90E7-7C1DB854CA80} => pcalua.exe -a D:\Autorun.exe -d D:\
Task: {1855FE67-9CFF-4BB7-A0AA-E19006035380} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {1B7203D9-B436-44F8-84F0-AF76CC14D7F2} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {521E7514-CFCE-4D3A-855D-CEEACCF200D0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {588FDF72-78F6-420C-B21C-4E28793A3A98} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1070527172-730823832-1899421597-1002
Task: {650C610F-E4C4-4771-80CC-D9544BFFA690} - System32\Tasks\Security Software => C:\Users\Jason\AppData\Local\Updater\winupd.exe
Task: {87F6D5A5-FCE6-42DF-AC03-0F5BF64EE4B4} - System32\Tasks\IT Viewer Schedualer => C:\Program Files (x86)\IT Viewer\astask.exe [2015-05-10] (SecureSoft)
Task: {898CB83C-8044-414F-9AF7-777D47256946} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {933E8A55-5B44-4A83-823B-3475CE91CCC6} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {9A74EB07-2605-4FA5-925F-EB8DAC85B15F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {D5DFAC21-32C0-4B9A-97C2-55688A9E4D78} - \Optimize Start Menu Cache Files-S-1-5-21-1070527172-730823832-1899421597-500 No Task File <==== ATTENTION
Task: {E5BA4018-0666-40DF-9FEE-D8A7724A935F} - System32\Tasks\Run LSI => C:\Program Files (x86)\LSI\LoLSummonerInfo.exe [2015-05-04] (Aequus Gaming)
Task: {F9E35D60-72B3-41E4-A1EC-38DBDADEBDF2} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8e58704846e9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {FD68D13F-B92F-4EBB-ABDF-D7DFDCFDFFA4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-12] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8e586d8d896f.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8e58704846e9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-08-30 21:47 - 2013-08-30 21:47 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-22 16:41 - 2012-10-22 16:41 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-22 16:42 - 2012-10-22 16:42 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-08-30 21:47 - 2013-08-30 21:47 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01108992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\SYSTEM32\bdfwcore.dll
2015-05-10 21:24 - 2015-05-10 21:24 - 00789856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
2015-05-10 21:24 - 2015-05-10 21:24 - 00710016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
2015-05-10 21:24 - 2015-05-10 21:24 - 02683008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
2015-05-10 21:24 - 2015-05-10 21:24 - 01325480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
2015-03-10 18:50 - 2015-03-10 18:50 - 02756616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareShellExtension.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
2013-08-30 21:47 - 2013-08-30 21:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-01-31 21:11 - 2015-01-31 21:11 - 40622592 _____ () C:\Program Files (x86)\LSI\libcef.dll
2014-10-10 18:38 - 2014-10-10 18:38 - 00570947 _____ () C:\Program Files (x86)\LSI\sqlite3.dll
2015-01-31 21:11 - 2015-01-31 21:11 - 00911360 _____ () C:\Program Files (x86)\LSI\libglesv2.dll
2015-01-31 21:11 - 2015-01-31 21:11 - 00134144 _____ () C:\Program Files (x86)\LSI\libegl.dll
2015-01-31 21:11 - 2015-01-31 21:11 - 00950272 _____ () C:\Program Files (x86)\LSI\ffmpegsumo.dll
2015-04-14 18:51 - 2015-05-12 18:20 - 41286712 _____ () C:\Users\Jason\AppData\Roaming\Spotify\libcef.dll
2015-05-15 10:28 - 2015-05-04 22:06 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libglesv2.dll
2015-05-15 10:28 - 2015-05-04 22:06 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libegl.dll
2015-04-14 18:51 - 2015-05-12 18:20 - 01488440 _____ () C:\Users\Jason\AppData\Roaming\Spotify\libglesv2.dll
2015-04-14 18:51 - 2015-05-12 18:20 - 00079928 _____ () C:\Users\Jason\AppData\Roaming\Spotify\libegl.dll
2015-05-15 10:28 - 2015-05-04 22:06 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:6E6A4F42
AlternateDataStreams: C:\Users\Jason\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1 - 205.171.2.25
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "HDAudDeck"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\StartupApproved\Run: => "Web Companion"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5BD9C95F-B308-4496-8E4A-04DC57557631}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A7B74E15-0FA0-4458-B051-4767F32A08CE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{19A0E421-7E7C-4A22-B3D6-E70916EB7A8B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{453D4C95-ED6E-4303-9DF1-BCA1F742DE4B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{714D1863-D2DB-4943-AE36-5C697B105650}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{05C537EC-2B6C-4178-8FDD-76FE8DC14B8F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{F5538302-4F77-449E-BAF3-D481CC193633}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{FC1B02C3-3362-4106-BDA5-B8F5444C4FA5}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [TCP Query User{C4DF91C4-1DA7-41C5-B817-80FE86E58E3A}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{D598EFB3-D7F2-4B96-97D3-BF4F6414D4D3}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{05CB25CC-45C9-4FDB-9161-7BAE8CB8AC7B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{BDAA4D37-3A14-47D5-A89F-AC7DC2349A57}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [TCP Query User{5AD65A7F-5963-4596-9F64-4ADA5C87B753}C:\users\jason\appdata\local\temp\gw2.exe] => (Allow) C:\users\jason\appdata\local\temp\gw2.exe
FirewallRules: [UDP Query User{C545E061-E995-48F4-856F-16A4FF18FFF3}C:\users\jason\appdata\local\temp\gw2.exe] => (Allow) C:\users\jason\appdata\local\temp\gw2.exe
FirewallRules: [TCP Query User{5557BB05-D764-4EBE-9845-A43ADCF67D81}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{D2366655-01AA-4ED8-B7EC-2A70B51B60D8}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{85C5109B-4D0D-4430-8755-D3469FAE5993}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{BCF337E0-985D-4CE4-BF8E-9BDD29D532B8}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [{C33667EF-4C70-4C6F-8CE0-CE50198BF041}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rollercoaster Tycoon 3 Gold\RCT3plus.exe
FirewallRules: [{0B057897-B5AA-4C5D-ACCF-A6BA5B6851E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rollercoaster Tycoon 3 Gold\RCT3plus.exe
FirewallRules: [TCP Query User{89636C16-F96B-489B-9EEF-BBB9DD11BF4C}C:\python33\python.exe] => (Allow) C:\python33\python.exe
FirewallRules: [UDP Query User{D1956F46-D122-4AFF-B0A9-D413C00DBDDC}C:\python33\python.exe] => (Allow) C:\python33\python.exe
FirewallRules: [{E8F5166C-29C5-47B2-BC39-3A16CF9F4E35}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\GameDevTycoon.exe
FirewallRules: [{C977C9DB-B570-49C8-962D-182D18A53910}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\GameDevTycoon.exe
FirewallRules: [{5527A000-7DEB-49EC-9DD3-79FC5CFF6B29}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{0E3A39AE-BF17-4F7D-81DC-87EBD3F49C11}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{48A0C714-7AA2-47A0-BE7E-29483F1FCB5F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{E81B22C6-E4DC-4D38-88A1-26F4E246EE73}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{FB6E4969-E293-4C11-904E-CE63A081C1B4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{1322CF37-82F5-4DDF-89A1-46DE9B042B67}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{81D56A4A-B964-4BE9-B22B-1335154567A3}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{EE0CB69C-F540-4F69-842A-70F5D5A2E714}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{726E9FF6-B5E9-4020-BEE3-095C0570D395}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{EF5BFC38-FD54-4306-830A-A0DBD4BBDAB1}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{72329906-6013-427A-9342-DCB4225FE3A6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{3D2CB185-9ADB-44AB-9AB8-D58A964166EF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [TCP Query User{C7CE60E9-52A2-407A-8703-D84371938C5F}C:\users\jason\downloads\ygopro-1.032.1-v5-percy-full\ygopro_vs.exe] => (Allow) C:\users\jason\downloads\ygopro-1.032.1-v5-percy-full\ygopro_vs.exe
FirewallRules: [UDP Query User{DF4F4F99-89AA-41C8-A3B8-71414D38AF40}C:\users\jason\downloads\ygopro-1.032.1-v5-percy-full\ygopro_vs.exe] => (Allow) C:\users\jason\downloads\ygopro-1.032.1-v5-percy-full\ygopro_vs.exe
FirewallRules: [{A13CFE7F-F4A5-4E4C-9B6B-B0E8FBA8869E}] => (Block) C:\users\jason\downloads\ygopro-1.032.1-v5-percy-full\ygopro_vs.exe
FirewallRules: [{BDEEF798-C7A2-4AE6-B776-1E649126068D}] => (Block) C:\users\jason\downloads\ygopro-1.032.1-v5-percy-full\ygopro_vs.exe
FirewallRules: [{091944D6-3ED5-4EA5-9286-6123982F03AA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{3074EB81-2BF4-44BA-B8BF-64A7486E9C7C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{B1AD872C-2055-49D6-BC39-C05EAC7E5FF9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rustlauncher.exe
FirewallRules: [{99B5317E-4931-4DC3-BC39-885C573FC740}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rustlauncher.exe
FirewallRules: [{FEB2A719-5355-4A7C-A2B1-D7D1E38EE48C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{083FA1CB-081D-4E12-99F1-11ABE23B4D1C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{9AF9A4CC-859D-4C70-9F96-D9E3106B05CC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{03116351-0322-42C8-A0BF-DA2154986B71}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{77441C04-C850-4DFE-B3EB-EEE790751FAA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{59D1E777-845C-4BB8-98F3-97EB832BDDDF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{1A934915-057F-47AA-8A57-478A4CF6E064}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{3F4C833C-5F29-42C0-B75E-F8DC6E3B277D}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{A83EE146-044D-469D-86E8-062ACC191271}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [UDP Query User{D6DE8280-09AA-451F-B072-51CD102511E4}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [{84801AE1-8E7C-4818-89C8-179AA1230F53}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{1ED58443-B4DE-4ED2-B1C8-4B281735294F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{B34B4A97-5B40-437C-8736-A13CCE0E3147}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{0D2E611D-2E3E-466A-9B53-6E680D6EF4D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{36FBD6B0-C951-430A-908D-E4FB6E5F218C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{6FB29D96-9CA6-4071-A8F1-5755AF8EF54E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [TCP Query User{47903CB2-F2CE-4DEE-98A7-EF3F5D63C6B8}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe
FirewallRules: [UDP Query User{EABFA629-E767-42C2-8F30-B754D4F2794A}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe
FirewallRules: [{AD118B9D-383D-4A00-82AE-AE3DDADA54A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{320A39D6-CCCD-4883-9190-80605BBECEC6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{D8DEC861-7965-4644-87CA-028160D890B7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{5244C20B-02AF-48D7-83B8-91DD62F8E70C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{9E8C6EAE-CE37-4020-B27E-54662A31EAED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 test\dota.exe
FirewallRules: [{39711136-7B64-4FF5-BD8E-869E13610E80}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 test\dota.exe
FirewallRules: [{23ACEA3D-7764-4E7A-AE57-F667BADD6C24}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{F89E1737-7E44-4D7F-BBB6-F7BFF7CDC267}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{E17F2FBB-85EC-4B40-BD53-E068EDCA0095}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DBCAF02E-A0BB-4E54-9096-56C5D49409DF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4BFB3E90-5544-45FE-83CB-979FB9CF54D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{F9C8199F-4758-4C70-B25B-5531B39FD5C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{0B93BF5B-7921-49E3-BCD8-B2B6E522A1D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{44D4ADB3-30CB-4B53-9CCC-301D46A3354E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [TCP Query User{875BC0D0-4C5E-456C-87CC-3982B9F5BB2D}C:\program files (x86)\lsi\lolsummonerinfo.exe] => (Allow) C:\program files (x86)\lsi\lolsummonerinfo.exe
FirewallRules: [UDP Query User{89C255DC-8A30-4454-8BA5-7FE957EF2F5F}C:\program files (x86)\lsi\lolsummonerinfo.exe] => (Allow) C:\program files (x86)\lsi\lolsummonerinfo.exe
FirewallRules: [{30633978-9193-4356-A9DD-BCDEA235AE82}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Blade Symphony\berimbau.exe
FirewallRules: [{96DF001E-5001-4619-A401-DF1DF69CE7FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Blade Symphony\berimbau.exe
FirewallRules: [{371977A6-81D9-47F5-90DB-F4A2196BB866}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{7E61CA76-6A33-4BD3-B18B-771D6F48796E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{A31FDEDB-E1D3-4861-AB8F-8F8C2C58A076}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CB38A494-0C81-4061-8791-1C8980E89211}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{689120EA-F61E-49C3-939E-C10222CAEAEE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead State\ZRPG.exe
FirewallRules: [{8CFC1D12-841C-42F5-828B-852850439D8D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead State\ZRPG.exe
FirewallRules: [{9049E03C-8C6B-42E1-AC9D-5AA3EE8EA2EF}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth ™ II\game.dat
FirewallRules: [{A2D52BC8-CB89-4B69-B5C1-901A6FBE7C00}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth ™ II\game.dat
FirewallRules: [TCP Query User{B012C1DD-F852-4C7E-B6E9-EC9BDC97234B}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{4D405693-5644-49F1-8C0E-477EB2F7BCB7}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{4C2F9845-C8D2-4904-BFDA-A58BCF7C1E19}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{DA652E20-CBFD-4DE8-B7AA-2107A32CFD15}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [{888152D0-41C4-4389-BF7F-59E178581A75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{D69D434A-59BC-41D7-A08F-79CF1BC27DCE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{04077A10-2CD4-43D8-9947-CEB41A25416D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{44F18D37-DC45-4D09-9FEC-59C819E62C7B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\This War of Mine\This War of Mine.exe
FirewallRules: [TCP Query User{A4C9CDBF-B3FF-45A2-A02D-434B2CE7CF8E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E5020D5F-9E4A-44CF-B9E0-7F4BB4E25534}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{CD296E9C-0FBD-4838-86DE-03B881CD515D}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{563BB27C-A0E8-471C-B869-6FC232F8BA7C}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{3297A7B2-78F1-4FD7-AA75-5C904915F33C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{8584CF8F-0BA0-4DE3-B0E3-6A01C65125BC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{706D284E-1C84-4710-98FB-9B653FBB2510}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{20C7AB02-123E-4690-B1C6-62561CB24DB7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{30BBF261-6205-4590-8286-DDDFE0704171}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{10E6F4DB-ECE8-48EC-905E-21D5437D225A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{2B14F74C-5178-4296-B4B3-DA92790D1A11}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{F03C3036-4AC7-46A6-806B-1E4F7856A8A3}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{5A1F60CB-3CE1-4BF0-A0E8-F72D9994E1DB}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{E4A0A7BD-9919-4753-AF16-227DD7506199}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{DEB65802-F9F0-4141-8A62-6D6A456DA2AA}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [TCP Query User{3D10E52E-D5F4-4BF2-981C-2742191D6455}C:\users\jason\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jason\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{62D00BD6-3B4A-4AF1-A3F4-CB9D8188D9DC}C:\users\jason\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jason\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0F7CBCB3-4087-45D6-8D64-788AB656B199}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{DF9AD7A3-ABCD-4EB2-830A-3BDECCDE06E1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{D025D962-B628-40B3-B3E2-CDF38B07D39A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [{B2F6E54E-1023-42C9-A37A-60BA45C7E2BA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [{19DE3C37-4BB8-4BB8-9F87-F5114C996F92}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{0639CE39-8CAA-4ACD-934C-7C31EF65A45A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe
FirewallRules: [TCP Query User{D0686240-B5FD-4366-9A6D-4420D145CD9D}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{7D559D52-952F-4EB7-8F98-2F174BAE93B3}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{5FC9BF6D-0309-43BA-AB44-F52664F246F4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Etron USB 3.0 Extensible Host Controller
Description: Etron USB 3.0 Extensible Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Etron Technology Inc.
Service: EtronXHCI
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Etron USB 3.0 Extensible Host Controller
Description: Etron USB 3.0 Extensible Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Etron Technology Inc.
Service: EtronXHCI
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/16/2015 07:45:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 42.0.2311.152 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1670
 
Start Time: 01d09028463cf5c4
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 6f9ca05f-fc36-11e4-82d9-94dbc9968126
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/14/2015 04:32:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1108
 
Start Time: 01d08e9513010e0c
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 06f67d2e-fa89-11e4-82d8-94dbc9968126
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (05/12/2015 10:40:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17415, time stamp: 0x5450355f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x00000004
Fault offset: 0x00014598
Faulting process id: 0x8b0
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (05/12/2015 10:24:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17415, time stamp: 0x5450355f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x00000004
Fault offset: 0x00014598
Faulting process id: 0x990
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (05/12/2015 10:10:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17415, time stamp: 0x5450355f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x00000004
Fault offset: 0x00014598
Faulting process id: 0x14ac
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (05/12/2015 09:48:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17415, time stamp: 0x5450355f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x00000004
Fault offset: 0x00014598
Faulting process id: 0x1300
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (05/12/2015 09:29:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17415, time stamp: 0x5450355f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x00000004
Fault offset: 0x00014598
Faulting process id: 0x27e4
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (05/12/2015 09:19:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17415, time stamp: 0x5450355f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x00000004
Fault offset: 0x00014598
Faulting process id: 0x133c
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (05/12/2015 09:10:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17415, time stamp: 0x5450355f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x00000004
Fault offset: 0x00014598
Faulting process id: 0x5ec
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (05/12/2015 08:55:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17415, time stamp: 0x5450355f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x00000004
Fault offset: 0x00014598
Faulting process id: 0xbb8
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
 
System errors:
=============
Error: (05/17/2015 00:19:39 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (05/16/2015 00:49:47 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (05/15/2015 10:39:15 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: 
%%1056
 
Error: (05/15/2015 10:37:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/15/2015 10:37:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/15/2015 10:37:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/15/2015 10:37:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VIA Karaoke digital mixer Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/15/2015 10:37:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/15/2015 10:37:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/15/2015 10:37:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ad-Aware Service 11 service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (05/16/2015 07:45:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe42.0.2311.152167001d09028463cf5c44294967295C:\Program Files (x86)\Google\Chrome\Application\chrome.exe6f9ca05f-fc36-11e4-82d9-94dbc9968126
 
Error: (05/14/2015 04:32:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20856110801d08e9513010e0c4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe06f67d2e-fa89-11e4-82d8-94dbc9968126microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (05/12/2015 10:40:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.174155450355fKERNELBASE.dll6.3.9600.1741554504ade00000004000145988b001d08d36fdaf3b67C:\Windows\syswow64\wwahost.exeC:\Windows\SYSTEM32\KERNELBASE.dll3c1c49ae-f92a-11e4-82d7-94dbc9968126Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp
 
Error: (05/12/2015 10:24:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.174155450355fKERNELBASE.dll6.3.9600.1741554504ade000000040001459899001d08d34ab171a17C:\Windows\syswow64\wwahost.exeC:\Windows\SYSTEM32\KERNELBASE.dlle9d43e41-f927-11e4-82d7-94dbc9968126Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp
 
Error: (05/12/2015 10:10:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.174155450355fKERNELBASE.dll6.3.9600.1741554504ade000000040001459814ac01d08d32ccccf0b3C:\Windows\syswow64\wwahost.exeC:\Windows\SYSTEM32\KERNELBASE.dll0b47daa7-f926-11e4-82d7-94dbc9968126Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp
 
Error: (05/12/2015 09:48:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.174155450355fKERNELBASE.dll6.3.9600.1741554504ade0000000400014598130001d08d2fa0081452C:\Windows\syswow64\wwahost.exeC:\Windows\SYSTEM32\KERNELBASE.dlldef326cc-f922-11e4-82d7-94dbc9968126Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp
 
Error: (05/12/2015 09:29:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.174155450355fKERNELBASE.dll6.3.9600.1741554504ade000000040001459827e401d08d2cf4f2e734C:\Windows\syswow64\wwahost.exeC:\Windows\SYSTEM32\KERNELBASE.dll33b0a7a3-f920-11e4-82d7-94dbc9968126Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp
 
Error: (05/12/2015 09:19:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.174155450355fKERNELBASE.dll6.3.9600.1741554504ade0000000400014598133c01d08d2b8ef99b99C:\Windows\syswow64\wwahost.exeC:\Windows\SYSTEM32\KERNELBASE.dllce2a91ec-f91e-11e4-82d7-94dbc9968126Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp
 
Error: (05/12/2015 09:10:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.174155450355fKERNELBASE.dll6.3.9600.1741554504ade00000004000145985ec01d08d2a6b080d2cC:\Windows\syswow64\wwahost.exeC:\Windows\SYSTEM32\KERNELBASE.dlla96bec78-f91d-11e4-82d7-94dbc9968126Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp
 
Error: (05/12/2015 08:55:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.174155450355fKERNELBASE.dll6.3.9600.1741554504ade0000000400014598bb801d08d285297534bC:\Windows\syswow64\wwahost.exeC:\Windows\SYSTEM32\KERNELBASE.dll914b4f93-f91b-11e4-82d7-94dbc9968126Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-05-10 18:18:16.947
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-10 18:18:16.774
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-10 17:49:02.543
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-10 17:49:02.371
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-05 21:23:46.042
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-05 21:23:45.885
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-05 21:23:45.745
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-05 21:23:45.588
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-05 21:23:45.448
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-05 21:23:45.291
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-8320 Eight-Core Processor 
Percentage of memory in use: 18%
Total physical RAM: 16351.73 MB
Available physical RAM: 13323.09 MB
Total Pagefile: 18783.73 MB
Available Pagefile: 15125.55 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:931.17 GB) (Free:655.42 GB) NTFS
Drive d: (KOTOR) (CDROM) (Total:2.44 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E4601560)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#10 gaiaroadkilik


Posted 17 May 2015 - 06:20 PM

Just realized I forgot to copy the log after the fixlist went through. Sorry...



#11 Jo*

  • Malware Response Team

Posted 18 May 2015 - 02:44 AM

Hello gaiaroadkilik,
 

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop => you had Running from C:\Users\Jason\Downloads\FRST-OlderVersion) as fixlist.txt

 
start
EmptyTemp:
ProxyServer: [S-1-5-21-1070527172-730823832-1899421597-1002] => 127.0.0.1:8118
RemoveProxy:
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.


***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Still get popups / adware?
 

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#12 gaiaroadkilik


Posted 18 May 2015 - 05:36 PM

Yes I am still getting the popups everywhere.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02
Ran by Jason at 2015-05-18 16:29:06 Run:2
Running from C:\Users\Jason\Downloads\FRST-OlderVersion
Loaded Profiles: Jason (Available profiles: Jason)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
EmptyTemp:
ProxyServer: [S-1-5-21-1070527172-730823832-1899421597-1002] => 127.0.0.1:8118
RemoveProxy:
end
*****************

HKU\S-1-5-21-1070527172-730823832-1899421597-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

EmptyTemp: => Removed 429.2 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 16:29:19 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by Jason (administrator) on JASONSTHING on 18-05-2015 16:34:22
Running from C:\Users\Jason\Downloads\FRST-OlderVersion
Loaded Profiles: Jason (Available profiles: Jason)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Aequus Gaming) C:\Program Files (x86)\LSI\LoLSummonerInfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Spotify Ltd) C:\Users\Jason\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Aequus Gaming) C:\Program Files (x86)\LSI\LoLSummonerInfo.exe
(Aequus Gaming) C:\Program Files (x86)\LSI\LoLSummonerInfo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\Run: [Spotify Web Helper] => C:\Users\Jason\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-12] (Spotify Ltd)
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\Run: [Spotify] => C:\Users\Jason\AppData\Roaming\Spotify\Spotify.exe [7320120 2015-05-12] (Spotify Ltd)
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\MountPoints2: {947d14b3-b0b7-11e3-82ad-94dbc9968126} - "E:\Autorun.exe" 
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\...\MountPoints2: {e85368e2-4d5b-11e3-8256-806e6f6e6963} - "D:\launcher.exe" 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1070527172-730823832-1899421597-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2014-10-25] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1070527172-730823832-1899421597-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jason\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Jason\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (YouTube) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-14]
CHR Extension: (Google Search) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-14]
CHR Extension: (Bookmark Manager) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-14]
CHR Extension: (Gmail) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-30] (EasyAntiCheat Ltd)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-02] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22128 2012-03-08] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2015-01-06] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2015-01-06] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2015-01-06] (BitDefender)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2015-01-06] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2015-01-06] (BitDefender LLC)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39080 2013-10-13] (Razer Inc)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-17 17:02 - 2015-05-17 17:02 - 00000618 _____ () C:\Users\Jason\Desktop\fixlist.txt
2015-05-15 18:25 - 2015-05-17 21:32 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1070527172-730823832-1899421597-1002
2015-05-15 10:42 - 2015-05-18 16:29 - 00000000 ____D () C:\Users\Jason\Downloads\FRST-OlderVersion
2015-05-15 10:38 - 2015-05-15 10:38 - 00001049 _____ () C:\Users\Jason\Desktop\JRT.txt
2015-05-15 10:36 - 2015-05-15 10:36 - 02721175 _____ (Thisisu) C:\Users\Jason\Downloads\JRT (1).exe
2015-05-15 10:31 - 2015-05-15 10:31 - 02209792 _____ () C:\Users\Jason\Downloads\adwcleaner_4.204.exe
2015-05-14 16:59 - 2015-05-14 16:59 - 02204160 _____ () C:\Users\Jason\Downloads\adwcleaner_4.203 (2).exe
2015-05-14 16:55 - 2015-05-14 16:55 - 02204160 _____ () C:\Users\Jason\Downloads\adwcleaner_4.203 (1).exe
2015-05-14 16:37 - 2015-05-14 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-14 16:35 - 2015-05-14 16:53 - 00000000 ____D () C:\Users\Jason\Desktop\mbar
2015-05-14 16:35 - 2015-05-14 16:35 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Jason\Downloads\mbar-1.09.1.1004.exe
2015-05-14 16:32 - 2015-05-14 16:32 - 00852630 _____ () C:\Users\Jason\Downloads\SecurityCheck.exe
2015-05-12 18:40 - 2015-04-30 14:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 18:40 - 2015-04-30 14:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 17:22 - 2015-04-30 17:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 17:22 - 2015-04-30 16:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 17:22 - 2015-04-24 15:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 17:22 - 2015-04-13 16:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 17:22 - 2015-04-09 19:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 17:22 - 2015-04-09 18:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 17:22 - 2015-04-09 18:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-12 17:22 - 2015-04-09 18:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 17:22 - 2015-04-09 18:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-12 17:22 - 2015-04-08 16:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 17:22 - 2015-04-02 18:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-12 17:22 - 2015-04-02 18:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-12 17:22 - 2015-04-01 16:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-12 17:22 - 2015-04-01 16:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-12 17:22 - 2015-03-31 21:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-12 17:22 - 2015-03-31 20:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-12 17:22 - 2015-03-29 23:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-12 17:22 - 2015-03-26 21:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 17:22 - 2015-03-26 20:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 17:22 - 2015-03-26 20:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 17:22 - 2015-03-19 19:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-12 17:22 - 2015-03-17 11:26 - 00467776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-12 17:22 - 2015-03-12 22:03 - 00239424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-12 17:22 - 2015-03-12 22:03 - 00154432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-12 17:22 - 2015-03-12 20:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-12 17:22 - 2015-03-12 19:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-12 17:22 - 2015-03-12 18:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-12 17:22 - 2015-03-12 18:29 - 00410017 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-12 17:22 - 2015-03-10 19:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 17:22 - 2015-03-10 19:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 17:22 - 2015-03-08 20:02 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-12 17:22 - 2015-03-05 21:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 17:22 - 2015-03-05 20:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-12 17:22 - 2015-03-05 20:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 17:22 - 2015-03-04 17:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 17:22 - 2015-03-03 19:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-12 17:22 - 2015-03-03 19:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-12 17:22 - 2015-02-17 17:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-12 17:22 - 2015-01-29 18:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-12 17:22 - 2014-11-14 00:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-05-12 17:21 - 2015-04-21 11:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 17:21 - 2015-04-21 10:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 17:21 - 2015-04-21 10:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 17:21 - 2015-04-21 10:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 17:21 - 2015-04-21 10:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 17:21 - 2015-04-21 10:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 17:21 - 2015-04-21 10:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 17:21 - 2015-04-21 10:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 17:21 - 2015-04-21 10:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-12 17:21 - 2015-04-21 10:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 17:21 - 2015-04-21 10:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 17:21 - 2015-04-21 10:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 17:21 - 2015-04-21 10:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-12 17:21 - 2015-04-21 10:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 17:21 - 2015-04-21 10:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 17:21 - 2015-04-21 09:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-12 17:21 - 2015-04-21 09:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 17:21 - 2015-04-21 09:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-12 17:21 - 2015-04-21 09:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 17:21 - 2015-04-21 09:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 17:21 - 2015-04-21 09:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 17:21 - 2015-04-21 09:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 17:21 - 2015-04-21 09:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 17:21 - 2015-04-21 09:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 17:21 - 2015-04-21 09:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-12 17:21 - 2015-04-21 09:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 17:21 - 2015-04-21 09:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-12 17:21 - 2015-04-21 09:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 17:21 - 2015-04-21 09:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-12 17:21 - 2015-04-21 09:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 17:21 - 2015-04-21 09:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 17:21 - 2015-04-21 09:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 17:21 - 2015-04-21 09:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 17:21 - 2015-04-21 09:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 17:21 - 2015-04-21 09:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 17:21 - 2015-04-21 09:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 17:21 - 2015-04-21 09:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 17:21 - 2015-04-21 08:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 17:21 - 2015-04-21 08:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-11 19:35 - 2015-05-11 20:15 - 00060510 _____ () C:\Users\Jason\Downloads\Addition.txt
2015-05-11 19:34 - 2015-05-18 16:34 - 00000000 ____D () C:\FRST
2015-05-11 19:34 - 2015-05-15 10:43 - 00034298 _____ () C:\Users\Jason\Downloads\FRST.txt
2015-05-11 19:33 - 2015-05-15 10:42 - 02106368 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe
2015-05-11 19:28 - 2015-05-11 20:19 - 00000000 ____D () C:\Users\Jason\BackupTEMP
2015-05-11 19:16 - 2015-05-11 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-05-11 19:16 - 2015-05-11 19:16 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2015-05-11 19:12 - 2015-05-11 19:14 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Jason\Downloads\cbSetup.exe
2015-05-11 17:45 - 2015-05-18 16:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-11 17:45 - 2015-05-11 17:45 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-11 17:45 - 2015-05-11 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-11 17:44 - 2015-05-14 16:35 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-11 17:44 - 2015-05-11 17:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-11 17:44 - 2015-05-11 17:44 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Jason\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-11 17:44 - 2015-05-11 17:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-11 17:44 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-11 17:44 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-11 17:41 - 2015-05-11 17:43 - 00001616 _____ () C:\Users\Jason\Desktop\Rkill.txt
2015-05-11 17:41 - 2015-05-11 17:41 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Jason\Downloads\rkill.exe
2015-05-11 17:41 - 2015-05-11 17:41 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Jason\Downloads\rkill64.exe
2015-05-11 17:36 - 2015-05-11 17:36 - 02204160 _____ () C:\Users\Jason\Downloads\adwcleaner_4.203.exe
2015-05-11 17:18 - 2015-05-11 17:18 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-05-11 17:12 - 2015-05-11 17:19 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-11 17:11 - 2015-05-11 17:12 - 11024496 _____ (SurfRight B.V.) C:\Users\Jason\Downloads\HitmanPro_x64.exe
2015-05-11 17:08 - 2015-05-11 17:08 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Jason\Downloads\tdsskiller.exe
2015-05-10 22:10 - 2015-05-10 22:10 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JASONSTHING-Windows-8.1-(64-bit).dat
2015-05-10 22:10 - 2015-05-10 22:10 - 00000000 ____D () C:\RegBackup
2015-05-10 22:09 - 2015-05-10 22:10 - 02720307 _____ (Thisisu) C:\Users\Jason\Downloads\JRT.exe
2015-05-10 21:53 - 2015-05-15 10:32 - 00000000 ____D () C:\AdwCleaner
2015-05-10 20:46 - 2015-05-10 21:16 - 00003008 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-05-10 20:46 - 2015-05-10 21:16 - 00003008 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-05-10 20:46 - 2015-05-10 20:46 - 00000000 ____D () C:\searchplugins
2015-05-10 20:42 - 2015-05-18 16:31 - 00002352 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-05-10 20:42 - 2015-05-10 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-05-10 20:42 - 2015-05-10 20:42 - 00000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2015-05-10 20:42 - 2015-01-06 12:47 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2015-05-10 20:42 - 2015-01-06 12:47 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2015-05-10 20:42 - 2015-01-06 12:37 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2015-05-10 20:35 - 2015-05-10 20:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-05-10 20:28 - 2015-05-10 20:28 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-05-10 20:24 - 2015-05-10 20:24 - 02057008 _____ () C:\Users\Jason\Downloads\Adaware_Installer.exe
2015-05-10 18:09 - 2015-05-10 18:09 - 00115712 ___SH () C:\Users\Jason\Downloads\Thumbs.db
2015-05-10 17:49 - 2015-05-17 18:20 - 00003264 _____ () C:\Windows\System32\Tasks\IT Viewer Schedualer
2015-05-10 17:49 - 2015-05-10 21:58 - 00000000 ____D () C:\Program Files (x86)\IT Viewer
2015-05-10 17:49 - 2015-05-10 18:19 - 00003272 _____ () C:\Windows\System32\Tasks\Security Software
2015-05-10 17:49 - 2015-05-10 17:49 - 00000000 _____ () C:\Users\Jason\AppData\Roaming\D010.tmp
2015-05-07 10:41 - 2015-05-07 10:41 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts
2015-05-07 10:30 - 2015-05-07 10:30 - 00000000 ____D () C:\Program Files (x86)\LucasArts
2015-04-29 19:35 - 2015-05-07 19:14 - 00000000 ____D () C:\Users\Jason\Documents\Garbage
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-18 16:33 - 2014-10-10 20:03 - 00003232 _____ () C:\Windows\System32\Tasks\Run LSI
2015-05-18 16:33 - 2014-10-10 18:38 - 00000000 ____D () C:\Program Files (x86)\LSI
2015-05-18 16:33 - 2013-11-14 13:48 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4B69A622-9FCF-461E-B600-785746FBC620}
2015-05-18 16:32 - 2014-06-22 14:27 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8e58704846e9.job
2015-05-18 16:31 - 2014-06-22 14:27 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8e586d8d896f.job
2015-05-18 16:31 - 2013-11-14 13:57 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-18 16:31 - 2013-11-14 13:47 - 00000000 __RDO () C:\Users\Jason\SkyDrive
2015-05-18 16:30 - 2013-09-30 13:26 - 00048894 _____ () C:\Windows\PFRO.log
2015-05-18 16:30 - 2013-08-22 08:46 - 00042113 _____ () C:\Windows\setupact.log
2015-05-18 16:30 - 2013-08-22 08:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-18 16:29 - 2013-11-14 13:41 - 01444933 _____ () C:\Windows\WindowsUpdate.log
2015-05-18 16:29 - 2013-08-22 07:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-05-18 16:27 - 2013-11-14 13:57 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-18 16:25 - 2015-04-14 18:52 - 00000000 ____D () C:\Users\Jason\AppData\Local\Spotify
2015-05-18 16:25 - 2015-04-14 18:51 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Spotify
2015-05-18 16:21 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-17 17:27 - 2014-06-22 14:27 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf8e58704846e9
2015-05-17 17:27 - 2014-06-22 14:27 - 00003666 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf8e586d8d896f
2015-05-17 17:06 - 2013-08-22 09:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-17 16:42 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-16 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\rescache
2015-05-15 18:20 - 2013-11-14 13:58 - 00002228 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-13 12:04 - 2013-11-24 04:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 12:04 - 2013-11-24 04:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 12:04 - 2013-08-22 08:44 - 00360288 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-12 22:55 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-12 18:41 - 2013-08-22 09:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-12 18:40 - 2013-11-15 14:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-12 18:36 - 2013-11-15 14:18 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-12 18:35 - 2013-11-24 04:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 18:34 - 2013-08-22 13:11 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-11 19:28 - 2013-11-14 13:43 - 00000000 ____D () C:\Users\Jason
2015-05-11 18:47 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\PLA
2015-05-10 22:02 - 2013-11-11 17:33 - 00001225 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk
2015-05-10 21:38 - 2013-12-15 02:22 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Lavasoft
2015-05-10 21:38 - 2013-11-19 04:06 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-05-10 17:50 - 2013-11-14 13:45 - 00001374 _____ () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-07 10:42 - 2013-11-15 18:10 - 00267986 _____ () C:\Windows\DirectX.log
2015-05-06 23:23 - 2013-11-15 05:11 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-05 11:59 - 2013-08-22 09:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 11:59 - 2013-08-22 09:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-04 20:31 - 2015-01-31 21:11 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LSI - LoL Summoner Information
2015-05-04 20:31 - 2015-01-31 21:11 - 00000000 ____D () C:\Users\Jason\AppData\Local\LSI
2015-04-24 09:29 - 2014-02-06 00:59 - 00000000 ____D () C:\Users\Jason\AppData\Local\Battle.net
2015-04-23 23:53 - 2014-02-06 00:59 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-23 21:33 - 2014-04-11 06:07 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
 
==================== Files in the root of some directories =======
 
2015-05-10 17:49 - 2015-05-10 17:49 - 0000000 _____ () C:\Users\Jason\AppData\Roaming\D010.tmp
2013-11-15 05:09 - 2013-11-16 02:41 - 0007602 _____ () C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
2015-05-10 20:42 - 2015-05-10 20:42 - 0000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-13 14:20
 
==================== End Of Log ============================


#13 Jo*

  • Malware Response Team
  • 3,319 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:06:41 PM

Posted 19 May 2015 - 05:06 AM

Hello gaiaroadkilik,


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so that there are no conflicts and the scan runs faster.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

---


How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#14 gaiaroadkilik
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:41 AM

Posted 20 May 2015 - 09:23 PM

Still having the same problems.
Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 5/19/2015
Scan Time: 8:06:33 PM
Logfile: Mwbytes scan.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.19.06
Rootkit Database: v2015.05.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Jason

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345517
Time Elapsed: 10 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
PUM.Bad.Proxy, HKU\S-1-5-21-1070527172-730823832-1899421597-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, Quarantined, [7c06a5f0a7e367cf740179efb3521fe1]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.AZLyrics.A, C:\Users\Jason\AppData\Local\Google\Chrome\User Data\default\Local Storage\http_www.azlyrics.com_0.localstorage, Quarantined, [31519203503ab58118d9a746748f8e72], 
PUP.Optional.AZLyrics.A, C:\Users\Jason\AppData\Local\Google\Chrome\User Data\default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, Quarantined, [6b174550e3a79d9927cafaf329da1fe1], 

Physical Sectors: 0
(No malicious items detected)


(end)

C:\Users\Jason\Downloads\GUIZipSetup.exe NSIS/TrojanDownloader.Adload.O trojan 


#15 Jo*

  • Malware Response Team

Posted 21 May 2015 - 02:26 AM

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" screen, which offers three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process. Note: If Cure is not an option, select Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




