
Virus disables programs


  • This topic is locked
15 replies to this topic

#1 asterik216


Posted 10 July 2015 - 02:58 PM

I got something yesterday on my computer. It came up with Malwarebytes but then it broke Malwarebytes so it wouldn't start. It removes the icons so it looks like an old shortcut to a program that is uninstalled, but on the main exe. I tried to uninstall it and it fails to load the uninstaller and says it may have been removed. I tried to redownload it and it disables the download file instantly, and installing it runs into an error. It did the same thing with my Google Chrome just earlier. I then tried to install SUPERAntiSpyware from an install I already had and it blocks that also.

I have a scan I did last night also. It didn't run from desktop and all that, but if I have to do it again I will.

Also, I forgot to add: it shows my processor is running at 100% usually and at around 48c in core temps. Nothing really can make my processor hit 100% unless it's briefly, so it is for sure trying to bog down my system.

Edited by Queen-Evie, 10 July 2015 - 04:01 PM.
moved from Am I Infected to Malware Removal Logs. FRST logs are allowed on in MRL board.




#2 asterik216


Posted 10 July 2015 - 03:02 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-07-2015
Ran by MarvelousJ at 2015-07-10 01:07:14
Running from E:\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2626650183-1144114338-2090188982-500 - Administrator - Disabled)
Guest (S-1-5-21-2626650183-1144114338-2090188982-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2626650183-1144114338-2090188982-1002 - Limited - Enabled)
MarvelousJ (S-1-5-21-2626650183-1144114338-2090188982-1000 - Administrator - Enabled) => C:\Users\MarvelousJ

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2626650183-1144114338-2090188982-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.02.03 - ASUSTeK Computer Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archeblade (HKLM-x32\...\Steam App 207230) (Version:  - CodeBrush Games)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.1.0 - Asmedia Technology)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.22 - ASUSTeK Computer Inc.)
ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.3.8 - ASUSTeK Computer Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AutoHotkey 1.1.22.02 (HKLM\...\AutoHotkey) (Version: 1.1.22.02 - Lexikos)
AutoIt v3.3.12.0 (HKLM-x32\...\AutoItv3) (Version: 3.3.12.0 - AutoIt Team)
Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version:  - Hardsuit Labs)
Bloodline Champions (HKLM-x32\...\Steam App 6370) (Version:  - Stunlock Studios)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CGS17_Setup_x64 (Version: 17.0 - Corel Corporation) Hidden
CheVolume 0.3.0.0 (HKLM-x32\...\CheVolume_0) (Version: 0.3.0.0 - WellWeWeb)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID ASUS CPU-Z 1.69 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.69 - CPUID, Inc.)
CPUID CPU-Z 1.72.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Defiance (HKLM-x32\...\Steam App 224600) (Version:  - Trion Worlds, Inc.)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
Disk Unlocker (HKLM-x32\...\{FE73C47E-0FF8-47A6-A903-FFA827A4B43D}) (Version: 2.0.8 - ASUS)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
Glary Utilities 5.26 (HKLM-x32\...\Glary Utilities 5) (Version: 5.26.0.45 - Glarysoft Ltd)
Google Chrome (HKU\S-1-5-21-2626650183-1144114338-2090188982-1000\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GunZ 2: The Second Duel (HKLM-x32\...\Steam App 242720) (Version:  - MAIET Entertainment)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Reloaded Games)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Officejet 4620 series Basic Device Software (HKLM\...\{B411AD10-1BC9-4939-8848-BC5E66F662B7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.183 - Logitech Inc.)
Magic The Gathering Online  (HKU\S-1-5-21-2626650183-1144114338-2090188982-1000\...\35c9d60442fbb010) (Version: 3.4.86.499 - Wizards of the Coast)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
NETGEAR WG111v3 wireless USB 2.0 adapter (HKLM-x32\...\InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}) (Version: 1.01.10 - NETGEAR)
NETGEAR WG111v3 wireless USB 2.0 adapter (x32 Version: 1.01.10 - NETGEAR) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.9.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
Quake III Arena (HKLM-x32\...\Quake III Arena) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6642 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Shark007 Advanced Codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 5.2.5 - Shark007)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.8.2808.0 - Hi-Rez Studios)
Spotify (HKU\S-1-5-21-2626650183-1144114338-2090188982-1000\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Strife (HKLM-x32\...\Steam App 339280) (Version:  - S2 Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version:  - Ubisoft Montreal)
Turbo LAN v9.05 (HKLM\...\Turbo LAN) (Version: 9.05 - cFos Software GmbH, Bonn)
Ultima Online Classic Client (HKLM-x32\...\Ultima Online Classic) (Version:  - Electronic Arts)
USB PnP Sound Device (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version:   -  )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 11.1.2 - VMware, Inc)
VMware Workstation (Version: 11.1.2 - VMware, Inc.) Hidden
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
x64 Components v5.2.5 (HKLM\...\Advanced x64Components_is1) (Version: 5.2.5 - Shark007)
X-Mouse Button Control 2.10.2 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.10.2 - Highresolution Enterprises)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2626650183-1144114338-2090188982-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\MarvelousJ\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2626650183-1144114338-2090188982-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\MarvelousJ\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2626650183-1144114338-2090188982-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\MarvelousJ\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

02-07-2015 15:04:33 Scheduled Checkpoint
09-07-2015 20:53:21 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {129A74DF-58E9-4BC8-86AC-917766964CF3} - System32\Tasks\{23D9FEBC-19C6-46CB-B6E0-C7A127C9EA21} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
Task: {3D621A08-71EC-4129-896D-21F9107D8C46} - System32\Tasks\ASUS\ASUS DigiVRM Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe [2011-04-13] (ASUSTeK Computer Inc.)
Task: {3D7F7DF8-268C-4FAE-AFBB-CA3CE8AFDA60} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {706A0404-0BA2-4152-87C9-F9AFE1598FE8} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-05-25] (Glarysoft Ltd)
Task: {76489DF8-65D9-471C-B332-ED4BE801E243} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-02] (Google Inc.)
Task: {96C2D620-2E77-4719-8E2D-010692B0D198} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-02] (Google Inc.)
Task: {C2544551-4DC4-4AE7-A140-4C6AD74AB053} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2626650183-1144114338-2090188982-1000UA => C:\Users\MarvelousJ\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-02] (Google Inc.)
Task: {CF308EE5-8B90-47F8-9B22-3CB399BACB1C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {DC022124-3BD0-47A3-B686-F21C3C8F2441} - System32\Tasks\GlaryOneClickOptimizer 5 => C:\Program Files (x86)\Glary Utilities 5\OneClickMaintenance.exe [2015-05-25] (Glarysoft Ltd)
Task: {E5375FC7-7D3D-4453-BA24-2A05D9466FCA} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {F5424B47-5160-44C3-8410-2042C62A372E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2626650183-1144114338-2090188982-1000Core => C:\Users\MarvelousJ\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-02] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2626650183-1144114338-2090188982-1000Core.job => C:\Users\MarvelousJ\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2626650183-1144114338-2090188982-1000UA.job => C:\Users\MarvelousJ\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-06-18 13:50 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2015-04-15 16:13 - 2015-04-15 16:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-02 10:34 - 2014-02-20 04:27 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2015-06-02 10:26 - 2010-12-02 10:15 - 00915584 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
2015-06-02 10:26 - 2011-10-07 11:35 - 00586880 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
2014-09-18 03:23 - 2014-09-18 03:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-03-12 14:23 - 2015-03-12 14:23 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 03:23 - 2014-09-18 03:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-03-12 14:23 - 2015-03-12 14:23 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2008-12-11 15:46 - 2008-12-11 15:46 - 02502656 _____ () C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
2015-05-31 07:36 - 2015-05-31 07:36 - 12732608 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2015-06-02 10:34 - 2015-07-10 01:03 - 00037376 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2015-06-02 10:34 - 2014-02-20 04:27 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2015-05-31 07:59 - 2015-05-31 07:59 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2015-05-31 07:36 - 2015-05-31 07:36 - 00191680 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2015-05-31 07:36 - 2015-05-31 07:36 - 00388288 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2015-05-31 07:36 - 2015-05-31 07:36 - 00194752 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2015-06-02 10:38 - 2011-03-04 16:33 - 00053248 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2015-06-02 10:38 - 2009-05-21 10:14 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2015-06-02 10:26 - 2011-07-12 19:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2015-06-02 10:26 - 2010-10-05 08:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2015-06-02 10:35 - 2011-02-09 09:02 - 00873472 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
2015-06-02 10:36 - 2011-03-09 14:55 - 01036800 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
2015-06-02 10:26 - 2011-08-12 15:48 - 00985088 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2015-06-02 10:36 - 2011-03-11 19:53 - 01257472 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2015-06-02 10:26 - 2011-07-26 16:16 - 00880128 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2015-06-02 10:26 - 2011-07-29 11:44 - 01611776 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2015-06-02 10:26 - 2011-08-09 12:15 - 01242624 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2015-06-02 10:26 - 2011-07-21 09:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2015-06-02 10:26 - 2011-07-21 20:33 - 00885760 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2015-06-02 10:37 - 2011-05-11 17:03 - 00651264 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Thermal Radar\ThermalRadar.dll
2015-06-02 10:26 - 2010-08-23 10:17 - 00662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll
2015-06-02 10:26 - 2010-10-05 08:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2015-06-02 10:26 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
2015-05-25 02:22 - 2015-05-25 02:22 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2015-06-02 11:00 - 2015-04-16 13:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-06-02 11:00 - 2015-04-22 22:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-06-02 11:00 - 2015-04-22 22:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-06-02 11:00 - 2015-04-22 22:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-06-02 11:00 - 2015-06-04 14:56 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll
2015-06-02 11:00 - 2014-12-01 17:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-06-02 11:00 - 2014-12-01 17:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-06-02 11:00 - 2014-12-01 17:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-06-02 11:00 - 2014-12-01 17:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-06-02 11:00 - 2014-12-01 17:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-06-02 11:00 - 2015-06-04 14:56 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-06-02 11:00 - 2015-05-11 15:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-06-02 11:00 - 2015-05-11 15:01 - 08958344 _____ () C:\Program Files (x86)\Steam\bin\pdf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2626650183-1144114338-2090188982-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MarvelousJ\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8F21D874-1ABE-4EFC-BD28-1BEA13B7C0D4}] => (Allow) C:\Users\MarvelousJ\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{22D11693-6A7E-47BE-8D6F-2E978F12D14F}] => (Allow) C:\Users\MarvelousJ\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ECEB3EB2-0C2E-48AC-8989-3CEEA03F4FB1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{58C0637D-8DC6-4CCA-B113-8B7F4EABFB2B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A6FF03E5-AE36-45AB-8D2E-F77095AF9320}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ACB25E75-E8D7-4CF4-883A-1C5C947123DE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{89DF66A1-18F8-4961-9051-753493A9A98C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{40074EC7-3651-4E3E-BFB8-271506B00BC8}] => (Allow) LPort=1487
FirewallRules: [{E21F5B49-361E-4B40-B768-D2D00FDB40BC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D4718274-0F10-4C70-B9AF-D1394E7CC8B6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{81CDF4C2-5E22-41DE-AD74-B0879D27792A}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{F80A9B70-D1D8-4647-9C39-6EC9B405A934}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{8ABC18DB-5F06-456B-A9C5-E17C95FDBA9B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CF9E0AF5-E2A8-4254-B7B7-733508A503B0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0AB13C51-20D9-4594-A4AC-89F392C4581D}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\FaxApplications.exe
FirewallRules: [{D17AB20A-A4FE-4CAA-AE9F-396F4F2651EB}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\DigitalWizards.exe
FirewallRules: [{E20BBBFE-B2A3-41C9-B31F-AFA90DD9E6B0}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\SendAFax.exe
FirewallRules: [{3116B3F3-E16A-48BB-8390-EC58367785C2}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\DeviceSetup.exe
FirewallRules: [{1233E588-8E91-4A8C-BCCE-DE5C36743807}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{BAD9BE28-BDCC-466B-BACB-2126D71E7BD9}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{C48721EE-8847-4B0E-8738-7636E7AD6DE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5sp.exe
FirewallRules: [{C6EF678A-42FE-4E94-B534-F57C17B77366}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5sp.exe
FirewallRules: [{3FEE6674-C86D-4F2E-ACA5-89FF0608BF23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B64691E0-E756-482E-9EC2-6BD5FFB32434}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{FFB2AEE6-DE79-47C9-BD83-EAA86CAC78AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{41BBA554-5F33-4855-A154-BA45C40E21BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{FB2ECBEA-AE2B-4E86-9C42-80DB0D1B83B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{23E946C7-B1DC-4B3B-BEAB-FBF829DF3FB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{2720C796-17F5-4636-B093-2261D0E990C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{961D56DE-08CC-442D-A653-EA4031133D39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{A600C9F7-6299-41D6-924E-D75F67D6ACDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ArcheBlade\Binaries\Win32\Archeblade.exe
FirewallRules: [{7B5D6050-43FE-4558-9499-BF2A6089739D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ArcheBlade\Binaries\Win32\Archeblade.exe
FirewallRules: [{616815D4-B9FF-4D7A-A082-9360EB638912}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{F83722C8-9FBF-4A9D-8138-67C1010C2ADF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{2372F983-771D-44F8-8C91-0AA2CE49FA32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{A70E8A0F-E5D6-4E83-8B55-CCC4E9BAC410}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{1FA1F2DA-ECE2-47FC-9F71-ADDA512E27E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{97083F11-38C5-4763-8468-F84FEB424033}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{ECF5D223-3AB6-48DD-AF04-6177995E0804}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6059384B-4F0D-4A6E-A2F0-055EA9C43EA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{AE08F4CD-CEE6-4127-875B-658CEFF7FE29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{1C2593B0-ED7E-4C10-A44D-BB6B0B44052F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{A0C6E886-9DB1-4EDD-A3AD-02B579076D94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{822F6AE7-54E5-4C64-9760-B24F7315CA09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{8657126A-C8D8-4956-8D3A-6CE76C0E4B81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{64D6D8FD-9E0B-486D-8F34-29B6631D0412}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{2D00F2E3-B317-4D01-BD0F-A2574600FAB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{7E1CFFE2-8CA9-4D26-A11A-B7A13B09B745}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{F909857F-7AC8-425D-8F1D-32F04D6D4F58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\blacklightretribution\Blacklight Retribution.exe
FirewallRules: [{C4B50C51-A9B3-4720-BEAF-0852062ED543}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\blacklightretribution\Blacklight Retribution.exe
FirewallRules: [{44CC7039-416B-4546-BB91-EB735B7C20CF}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{A60F0689-5FE1-409B-9CAA-75EF341E2895}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{3110B3CE-E5A3-45FF-98F5-550F7A08FC25}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{72AC2E69-58C5-4544-9EDA-B42F8FDA35D5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9092C8B5-4962-4139-B902-95DE4E4FCF81}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BCB6A20A-B64C-48F5-9EFF-B59D40EE2759}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FA9B7DAE-1D72-4587-8257-3CA778E39BB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GunZ 2 The Second Duel\Gunz2_Steam.exe
FirewallRules: [{307AFAFE-CBD5-4FA9-A819-8A63060F3662}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GunZ 2 The Second Duel\Gunz2_Steam.exe
FirewallRules: [{7837A3FB-5327-4CF3-B59B-1D7132DE4065}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{8F90D4E1-CF31-45C1-8B7E-64FE87459271}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{388CE63D-6C8B-4906-AC84-F3F6DC092E3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defiance\Patcher.exe
FirewallRules: [{672C666A-7E6B-49F9-9A52-557272935B92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defiance\Patcher.exe
FirewallRules: [{79CA7343-3324-44E1-ADFC-03A553914CC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{14ABDA26-5B8F-43FF-A1C2-AA9D376E2579}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [TCP Query User{9A73DDD9-A886-4A94-AAE4-CC64D30396EE}C:\program files (x86)\steam\steamapps\common\dirty bomb\binaries\win32\shootergame-win32-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dirty bomb\binaries\win32\shootergame-win32-shipping.exe
FirewallRules: [UDP Query User{2F4DCCC1-2673-4225-8702-B4ACF39A6E00}C:\program files (x86)\steam\steamapps\common\dirty bomb\binaries\win32\shootergame-win32-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dirty bomb\binaries\win32\shootergame-win32-shipping.exe
FirewallRules: [{BFB06FFB-4E9E-4975-A039-EA9EB7433EC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{CD243000-734F-452A-A50B-5CFB1E3BF9A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{9C153527-34E8-43F4-B819-2BB7D14FA786}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{05A3D825-F307-4024-9B74-80EF48F1C73D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{270BF688-B7EF-45C0-98C3-366C577124E2}C:\program files (x86)\quake iii arena\quake3.exe] => (Block) C:\program files (x86)\quake iii arena\quake3.exe
FirewallRules: [UDP Query User{80400D06-FE01-41DD-AD1E-F8ADD5DB762D}C:\program files (x86)\quake iii arena\quake3.exe] => (Block) C:\program files (x86)\quake iii arena\quake3.exe
FirewallRules: [TCP Query User{831F1AC5-57EF-438C-A448-FD68E7971CE4}F:\quake3\quake3.exe] => (Allow) F:\quake3\quake3.exe
FirewallRules: [UDP Query User{B211CFC9-18C2-441F-82ED-E08A434C0A7D}F:\quake3\quake3.exe] => (Allow) F:\quake3\quake3.exe
FirewallRules: [{67824753-648E-443C-B600-BACD0FABDEE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\strife\bin\strife.exe
FirewallRules: [{1B509BBD-A5AE-483D-B4C5-13690E5C4DC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\strife\bin\strife.exe
FirewallRules: [{75A050C6-9049-4E6B-B426-9626FEB332FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Mighty Quest For Epic Loot\Launcher\PublicLauncher.exe
FirewallRules: [{A6229ED7-D30C-4025-AD9B-06AB1722F644}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Mighty Quest For Epic Loot\Launcher\PublicLauncher.exe
FirewallRules: [{7D46BACF-C8F5-4C4B-A52D-2B636381B8B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Mighty Quest For Epic Loot\Launcher\MQELDiagnostics.exe
FirewallRules: [{50214647-F014-4004-A9F5-08E86211C11B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Mighty Quest For Epic Loot\Launcher\MQELDiagnostics.exe
FirewallRules: [{693FD640-944D-4709-850C-4DE24CC1EDD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Loadout\Loadout.exe
FirewallRules: [{3A07A531-7133-45C3-8E2D-4E5712508318}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Loadout\Loadout.exe
FirewallRules: [{F3E641D6-967B-409E-B07D-A6782AF44A56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{D9C24B90-C816-428C-A888-6218020B9483}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{DD33842C-90A1-41CE-90D5-18E9F86E45FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloodline Champions\Binary\BloodlineChampionsLoader.exe
FirewallRules: [{E5A87E10-3DE8-46C0-88B9-6E03B4391A59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloodline Champions\Binary\BloodlineChampionsLoader.exe
FirewallRules: [TCP Query User{815395EB-A322-4E45-9AA1-9804BAC03AD8}C:\users\marvelousj\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marvelousj\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3D848529-77D7-446C-B230-2A472349E0D7}C:\users\marvelousj\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marvelousj\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9C08B271-321A-4958-8970-D90D0FD6F2A3}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{A81C78B7-0633-49F2-82CF-8E873B735F38}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{6E91CE6E-642A-480D-AC79-CC52FC0BF3BE}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{45B5E688-6A5B-46F0-B0F0-E5237F7D46FC}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [TCP Query User{B1C16AB5-8C65-4CA8-9377-7BC394D5F685}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{802DDCDD-4023-44F4-A975-29193F939AB6}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{09822522-D7FF-4746-80CB-BCEF0A096738}] => (Allow) C:\Users\MarvelousJ\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{643A6C49-AF9E-49AB-8D93-28CC59AB4660}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{D00645EA-B51E-4981-9625-4D6536F660EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{E6BE8613-27CF-4B1F-AB4B-1FBC403ADB9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{0C529407-EC1E-4FE8-A3C9-EEA2BF6BC48F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe

==================== Faulty Device Manager Devices =============

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2015 01:06:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam-setup-2.1.8.1057.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 148c

Start Time: 01d0bace0ad3c756

Termination Time: 1

Application Path: C:\Users\MARVEL~1\AppData\Local\Temp\is-4I5QC.tmp\mbam-setup-2.1.8.1057.tmp

Report Id:

Error: (07/10/2015 01:04:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2015 06:22:18 PM) (Source: BugSplat) (EventID: 1) (User: )
Description: This event has been logged by the BugSplat crash reporting library (http://www.bugsplatsoftware.com)
in partnership with your vendor lol_beta_riotgames_com.
A crash report from the application 'LOL_Public' has been successfully logged into the BugSplat database with id=131988024.
Please contact your vendor for more information.

Error: (07/09/2015 05:31:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam-clean-2.1.1.1001 (1).exe, version: 2.1.1.1001, time stamp: 0x53b1d76e
Faulting module name: mbam-clean-2.1.1.1001 (1).exe, version: 2.1.1.1001, time stamp: 0x53b1d76e
Exception code: 0x40000015
Fault offset: 0x00021ced
Faulting process id: 0x2680
Faulting application start time: 0xmbam-clean-2.1.1.1001 (1).exe0
Faulting application path: mbam-clean-2.1.1.1001 (1).exe1
Faulting module path: mbam-clean-2.1.1.1001 (1).exe2
Report Id: mbam-clean-2.1.1.1001 (1).exe3

Error: (07/09/2015 05:29:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam-clean-2.1.1.1001.exe, version: 2.1.1.1001, time stamp: 0x53b1d76e
Faulting module name: mbam-clean-2.1.1.1001.exe, version: 2.1.1.1001, time stamp: 0x53b1d76e
Exception code: 0x40000015
Fault offset: 0x00021ced
Faulting process id: 0x26b8
Faulting application start time: 0xmbam-clean-2.1.1.1001.exe0
Faulting application path: mbam-clean-2.1.1.1001.exe1
Faulting module path: mbam-clean-2.1.1.1001.exe2
Report Id: mbam-clean-2.1.1.1001.exe3

Error: (07/09/2015 05:29:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam-clean-2.1.1.1001.exe, version: 2.1.1.1001, time stamp: 0x53b1d76e
Faulting module name: mbam-clean-2.1.1.1001.exe, version: 2.1.1.1001, time stamp: 0x53b1d76e
Exception code: 0x40000015
Fault offset: 0x00021ced
Faulting process id: 0x2bf4
Faulting application start time: 0xmbam-clean-2.1.1.1001.exe0
Faulting application path: mbam-clean-2.1.1.1001.exe1
Faulting module path: mbam-clean-2.1.1.1001.exe2
Report Id: mbam-clean-2.1.1.1001.exe3

Error: (07/09/2015 05:19:23 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5420 - Exception of type 'System.Exception' was thrown.

Error: (07/09/2015 05:19:17 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5420 - Exception of type 'System.Exception' was thrown.

Error: (07/09/2015 05:19:11 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5420 - Exception of type 'System.Exception' was thrown.

Error: (07/09/2015 05:19:05 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5420 - Exception of type 'System.Exception' was thrown.

System errors:
=============
Error: (07/10/2015 01:03:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error:
%%5

Error: (07/10/2015 01:03:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%5

Error: (07/10/2015 01:03:07 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (07/10/2015 01:02:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/09/2015 04:57:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/09/2015 04:57:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/09/2015 07:12:47 AM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (07/09/2015 01:06:46 AM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (07/09/2015 01:05:46 AM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (07/09/2015 01:04:46 AM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Microsoft Office:
=========================
Error: (07/10/2015 01:06:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam-setup-2.1.8.1057.tmp51.52.0.0148c01d0bace0ad3c7561C:\Users\MARVEL~1\AppData\Local\Temp\is-4I5QC.tmp\mbam-setup-2.1.8.1057.tmp

Error: (07/10/2015 01:04:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2015 06:22:18 PM) (Source: BugSplat) (EventID: 1) (User: )
Description: lol_beta_riotgames_comLOL_Public131988024

Error: (07/09/2015 05:31:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam-clean-2.1.1.1001 (1).exe2.1.1.100153b1d76embam-clean-2.1.1.1001 (1).exe2.1.1.100153b1d76e4000001500021ced268001d0ba8ea73b52feE:\Downloads\mbam-clean-2.1.1.1001 (1).exeE:\Downloads\mbam-clean-2.1.1.1001 (1).exee56ed2c0-2681-11e5-a58c-e1ad6d40ae0c

Error: (07/09/2015 05:29:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam-clean-2.1.1.1001.exe2.1.1.100153b1d76embam-clean-2.1.1.1001.exe2.1.1.100153b1d76e4000001500021ced26b801d0ba8e6207c5b8E:\Downloads\mbam-clean-2.1.1.1001.exeE:\Downloads\mbam-clean-2.1.1.1001.exea07ff09c-2681-11e5-a58c-e1ad6d40ae0c

Error: (07/09/2015 05:29:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam-clean-2.1.1.1001.exe2.1.1.100153b1d76embam-clean-2.1.1.1001.exe2.1.1.100153b1d76e4000001500021ced2bf401d0ba8e4dad836eE:\Downloads\mbam-clean-2.1.1.1001.exeE:\Downloads\mbam-clean-2.1.1.1001.exe8cf00628-2681-11e5-a58c-e1ad6d40ae0c

Error: (07/09/2015 05:19:23 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5420 - Exception of type 'System.Exception' was thrown.

Error: (07/09/2015 05:19:17 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5420 - Exception of type 'System.Exception' was thrown.

Error: (07/09/2015 05:19:11 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5420 - Exception of type 'System.Exception' was thrown.

Error: (07/09/2015 05:19:05 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5420 - Exception of type 'System.Exception' was thrown.

==================== Memory info ===========================

Processor: AMD FX™-8350 Eight-Core Processor
Percentage of memory in use: 15%
Total physical RAM: 16298.11 MB
Available physical RAM: 13797.14 MB
Total Virtual: 32594.43 MB
Available Virtual: 29982.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:262.62 GB) NTFS
Drive d: (Music) (Fixed) (Total:298.09 GB) (Free:64.63 GB) NTFS
Drive e: (More GiGs) (Fixed) (Total:465.76 GB) (Free:149.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 000092C6)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F59CA0EC)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CA1BABAE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of log ============================



#3 asterik216

  • Topic Starter


Posted 10 July 2015 - 03:05 PM

It won't let me paste FRST.txt as I think it exceeds the # of chars I can use. I can't figure out how to attach the file.



#4 Queen-Evie


Posted 10 July 2015 - 04:06 PM

Your topic was originally in Am I Infected, which does not allow attachments.

Because you included a FRST log, the topic has been moved to the Malware Removal Logs forum.

You can attach the file in MRL.

If you saw a reply advising you what tool(s) to run, please do not run them.

#5 asterik216

  • Topic Starter


Posted 10 July 2015 - 06:26 PM

I didn't run any of the programs; I just ran a scan, is all. This is not the first time in my life removing malware etc., but this is the first time I have ever posted for help.

Attached File  FRST.txt   57.77KB   3 downloads
 
Attached File  Addition.txt   49.28KB   2 downloads
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-07-2015
Ran by MarvelousJ (administrator) on MARVELOUSJ-PC on 10-07-2015 01:06:42
Running from E:\Downloads
Loaded Profiles: MarvelousJ (Available Profiles: MarvelousJ)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(cFos Software GmbH) C:\Program Files\ASUS\Turbo LAN\spd.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(cFos Software GmbH) C:\Program Files\ASUS\Turbo LAN\cfosspeed.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(WellWeWeb) C:\Program Files (x86)\WellWeWeb\CheVolume\CheVolume.exe
() C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6470760 2012-05-15] (Realtek Semiconductor)
HKLM\...\Run: [Turbo LAN] => C:\Program Files\ASUS\Turbo LAN\cFosSpeed.exe [2826640 2014-04-25] (cFos Software GmbH)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-03-12] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1091568 2015-03-02] (Highresolution Enterprises)
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\clientsvr.exe" [X]
HKU\S-1-5-21-2626650183-1144114338-2090188982-1000\...\RunOnce: [System Monitor] => C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe [365568 2015-06-04] (Microsoft Corporation)
HKU\S-1-5-21-2626650183-1144114338-2090188982-1000\...\MountPoints2: F - F:\setup64.exe
HKU\S-1-5-21-2626650183-1144114338-2090188982-1000\...\Winlogon: [Shell] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe [365568 2015-06-04] (Microsoft Corporation) <==== ATTENTION
IFEO\AvastSvc.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\AvastUI.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avcenter.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avconfig.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avgcsrvx.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avgidsagent.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avgnt.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avgrsx.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avguard.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avgui.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avgwdsvc.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avp.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avscan.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\bdagent.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\blindman.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\ccuac.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\ComboFix.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\egui.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\hijackthis.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\instup.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\keyscrambler.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\mbam.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\mbamgui.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\mbampt.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\mbamservice.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\MpCmdRun.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\MSASCui.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\MsMpEng.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\msseces.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\rstrui.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\SDFiles.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\SDMain.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\SDWinSec.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\spybotsd.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\wireshark.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\zlclient.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CheVolume.lnk [2015-06-29]
ShortcutTarget: CheVolume.lnk -> C:\Program Files (x86)\WellWeWeb\CheVolume\CheVolume.exe (WellWeWeb)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk [2015-06-14]
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2626650183-1144114338-2090188982-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-28] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-28] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5A5D6B7E-F66B-470E-B403-DA1FD211B214}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{BB1B7257-05D0-4F9B-94F7-0E1B20F9FDDB}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-02] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-12-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-02] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-12-15] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2626650183-1144114338-2090188982-1000: @tools.google.com/Google Update;version=3 -> C:\Users\MarvelousJ\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2626650183-1144114338-2090188982-1000: @tools.google.com/Google Update;version=9 -> C:\Users\MarvelousJ\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-02] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\MarvelousJ\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\MarvelousJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-06-28]
CHR Extension: (OneTab) - C:\Users\MarvelousJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2015-06-28]
CHR Extension: (微度新标签页(APP)) - C:\Users\MarvelousJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmmfcbpgflaeiipmbhelananakfcodj [2015-06-28]
CHR Extension: (Google Play Music) - C:\Users\MarvelousJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-06-28]
CHR Extension: (Wolf and the Ice Planet) - C:\Users\MarvelousJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffkhmkbijdmbncaoclaclldnbndflck [2015-06-02]
CHR Extension: (AdBlock) - C:\Users\MarvelousJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-28]
CHR Extension: (Переведи это) - C:\Users\MarvelousJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflagmdfhgcldiakjcgogfchiipaifii [2015-06-28]
CHR Extension: (Google Play Music) - C:\Users\MarvelousJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2015-06-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MarvelousJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-02]
CHR Extension: (Google Wallet) - C:\Users\MarvelousJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-02]
StartMenuInternet: Google Chrome.HGMEVZKSJSXCGMGVACML2ZI6CE - C:\Users\MarvelousJ\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-02-20] ()
R2 ASDiskUnlocker; C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe [258688 2010-12-02] (ASUSTeK Computer Inc.)
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2011-10-07] ()
R2 cFosSpeedS; C:\Program Files\ASUS\Turbo LAN\spd.exe [1040784 2014-04-25] (cFos Software GmbH)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12732608 2015-05-31] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 ASFLTDrv.sys; C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys [16512 2010-09-16] (ASUSTeK Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-02-20] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-06-02] (Glarysoft Ltd)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-09] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R1 VDiskBus; C:\Windows\System32\DRIVERS\VDiskBus64.sys [43136 2010-09-21] (ASUSTeK Computer Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-05-21] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 01:06 - 2015-07-10 01:06 - 00000000 ____D C:\FRST
2015-07-10 01:03 - 2015-07-10 01:03 - 00000332 _____ C:\Windows\PFRO.log
2015-07-10 01:03 - 2015-07-10 01:03 - 00000056 _____ C:\Windows\setupact.log
2015-07-10 01:03 - 2015-07-10 01:03 - 00000000 _____ C:\Windows\setuperr.log
2015-07-09 23:08 - 2015-07-09 23:08 - 00000000 _____ C:\Users\MarvelousJ\Desktop\New Text Document (4).txt
2015-07-09 19:53 - 2015-07-09 19:53 - 00007646 _____ C:\Users\MarvelousJ\AppData\Local\Resmon.ResmonCfg
2015-07-09 17:17 - 2015-07-09 17:17 - 00000000 ____D C:\Users\MarvelousJ\Desktop\New folder (2)
2015-07-09 16:52 - 2015-07-09 16:52 - 00009543 _____ C:\Users\MarvelousJ\Documents\ui.rmproj
2015-07-09 16:47 - 2015-06-04 13:44 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clientsvr.exe
2015-07-09 16:46 - 2015-07-10 01:04 - 00000000 __SHD C:\ProgramData\376948
2015-07-09 16:46 - 2015-07-09 16:46 - 00000006 __RSH C:\ProgramData\fb5382a616c4c270934d047ad549489e2bf34a9b
2015-07-09 16:46 - 2015-07-09 16:46 - 00000000 __SHD C:\ProgramData\377048
2015-07-09 16:46 - 2015-06-04 13:44 - 00365568 _____ (Microsoft Corporation) C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
2015-07-09 16:45 - 2015-01-16 21:44 - 00000000 ____D C:\Users\MarvelousJ\Desktop\FoxeUI 5.9
2015-07-09 15:22 - 2015-07-09 15:20 - 00000315 _____ C:\Users\MarvelousJ\Desktop\hud1920x1080.ini
2015-07-09 15:16 - 2015-07-09 15:16 - 00000000 ____D C:\Users\MarvelousJ\Desktop\lol hud
2015-07-09 06:15 - 2015-07-09 16:52 - 00000000 ____D C:\Users\MarvelousJ\Desktop\1.2.1
2015-06-29 07:53 - 2015-06-29 07:53 - 00000000 ____D C:\Users\MarvelousJ\AppData\Roaming\Highresolution Enterprises
2015-06-29 07:53 - 2015-06-29 07:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Highresolution Enterprises
2015-06-29 07:53 - 2015-06-29 07:53 - 00000000 ____D C:\Program Files\Highresolution Enterprises
2015-06-29 07:46 - 2015-06-29 07:46 - 00000000 ____D C:\Users\MarvelousJ\Desktop\xbindkeys-1.8.6
2015-06-29 04:43 - 2015-06-29 04:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2015-06-29 04:43 - 2015-06-29 04:43 - 00000000 ____D C:\Program Files\AutoHotkey
2015-06-29 01:06 - 2015-06-29 01:06 - 00001167 _____ C:\ProgramData\Microsoft\Windows\Start Menu\CheVolume.lnk
2015-06-29 01:06 - 2015-06-29 01:06 - 00000000 ____D C:\Users\MarvelousJ\AppData\Local\Chevolume.com
2015-06-29 01:06 - 2015-06-29 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WellWeWeb
2015-06-29 01:06 - 2015-06-29 01:06 - 00000000 ____D C:\Program Files (x86)\WellWeWeb
2015-06-28 21:10 - 2015-06-28 21:10 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-28 21:10 - 2015-06-28 21:10 - 00000000 ____D C:\ProgramData\Sun
2015-06-28 21:10 - 2015-06-28 21:10 - 00000000 ____D C:\ProgramData\Oracle
2015-06-28 21:10 - 2015-06-28 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-28 21:10 - 2015-06-28 21:10 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-28 21:03 - 2015-06-28 21:03 - 00000000 ____D C:\Users\MarvelousJ\Downloads\DownSamplingGui0.6
2015-06-28 21:02 - 2015-06-28 21:02 - 00000714 _____ C:\Users\MarvelousJ\Desktop\Downloads - Shortcut.lnk
2015-06-28 21:01 - 2015-06-28 21:01 - 00227422 _____ C:\Users\MarvelousJ\Downloads\DownSamplingGui0.6.zip
2015-06-28 09:57 - 2015-06-29 01:55 - 00000000 ____D C:\Users\MarvelousJ\AppData\Roaming\VMware
2015-06-28 09:57 - 2015-06-29 01:55 - 00000000 ____D C:\Users\MarvelousJ\AppData\Local\VMware
2015-06-28 08:45 - 2015-05-31 07:59 - 00066752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2015-06-28 08:45 - 2015-05-21 17:36 - 00076480 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2015-06-28 08:45 - 2015-05-21 17:35 - 00068288 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2015-06-28 08:45 - 2015-05-21 17:35 - 00064192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2015-06-28 08:44 - 2015-06-28 08:44 - 00001024 _____ C:\Windows\SysWOW64\%TMP%
2015-06-28 08:44 - 2015-05-31 07:59 - 00931520 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2015-06-28 08:44 - 2015-05-31 07:59 - 00359104 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2015-06-28 08:44 - 2015-05-31 07:59 - 00026816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2015-06-28 08:44 - 2015-05-31 07:58 - 00438464 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2015-06-28 08:44 - 2015-05-22 08:03 - 00055488 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2015-06-28 08:43 - 2015-07-10 01:03 - 00000000 ____D C:\ProgramData\VMware
2015-06-28 08:43 - 2015-06-28 08:43 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2015-06-28 08:43 - 2015-06-28 08:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2015-06-28 08:43 - 2015-06-28 08:43 - 00000000 ____D C:\Program Files\Common Files\VMware
2015-06-28 08:43 - 2015-06-28 08:43 - 00000000 ____D C:\Program Files (x86)\VMware
2015-06-28 08:38 - 2015-06-28 08:41 - 317645824 _____ (VMware, Inc.) C:\Users\MarvelousJ\Downloads\VMware-workstation-full-11.1.2-2780323.exe
2015-06-28 06:06 - 2015-07-09 16:38 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-28 06:04 - 2015-06-28 07:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-28 06:04 - 2015-06-28 06:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-28 06:04 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-28 06:04 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-28 06:04 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-28 06:02 - 2015-06-28 06:03 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\MarvelousJ\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-28 05:57 - 2015-06-28 05:57 - 00000000 __SHD C:\found.000
2015-06-23 08:29 - 2015-06-23 08:29 - 00000000 ____D C:\Users\MarvelousJ\AppData\Roaming\LolClient
2015-06-22 21:25 - 2015-06-22 21:25 - 00001420 _____ C:\Users\MarvelousJ\Desktop\common - Shortcut.lnk
2015-06-20 04:01 - 2015-06-20 04:01 - 00000000 ____D C:\Users\MarvelousJ\AppData\Roaming\Unkn0wns Skin Installation Tool
2015-06-20 03:15 - 2015-06-20 03:16 - 00000000 ____D C:\Users\MarvelousJ\AppData\Roaming\Notepad++
2015-06-20 03:15 - 2015-06-20 03:15 - 00000000 ____D C:\Users\MarvelousJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-06-20 03:15 - 2015-06-20 03:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-06-20 03:15 - 2015-06-20 03:15 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-06-20 03:12 - 2015-06-20 03:43 - 00000000 ____D C:\Users\MarvelousJ\Desktop\CS GO bleep
2015-06-19 21:27 - 2015-06-19 21:27 - 00000723 _____ C:\Users\MarvelousJ\Desktop\practice.cfg
2015-06-19 21:26 - 2015-06-22 20:15 - 00000026 _____ C:\Users\MarvelousJ\Desktop\New Text Document (3).txt
2015-06-19 21:26 - 2015-06-20 02:18 - 00000000 ____D C:\Users\MarvelousJ\AppData\Roaming\PSpad
2015-06-19 21:23 - 2015-06-29 18:19 - 00000000 ____D C:\Program Files (x86)\PSPad editor
2015-06-19 00:46 - 2015-06-20 04:11 - 00007432 _____ C:\Users\MarvelousJ\Desktop\auto.cfg
2015-06-19 00:36 - 2015-06-19 00:36 - 00000000 _____ C:\Users\MarvelousJ\Desktop\New Text Document (2).txt
2015-06-19 00:03 - 2015-06-19 00:08 - 00000000 ____D C:\Users\MarvelousJ\Documents\Outlook Files
2015-06-18 23:59 - 2015-06-18 23:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-06-18 23:59 - 2015-06-18 23:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-06-18 23:58 - 2015-06-18 23:58 - 00000000 ____D C:\Windows\PCHEALTH
2015-06-18 23:58 - 2015-06-18 23:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2015-06-18 23:58 - 2015-06-18 23:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2015-06-18 23:58 - 2015-06-18 23:58 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-06-18 23:57 - 2015-06-18 23:57 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-06-18 23:57 - 2015-06-18 23:57 - 00000000 ____D C:\Program Files\Microsoft Office
2015-06-18 23:57 - 2015-06-18 23:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2015-06-18 23:56 - 2015-06-19 00:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-18 23:56 - 2015-06-18 23:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-06-18 23:56 - 2015-06-18 23:56 - 00000000 __RHD C:\MSOCache
2015-06-18 23:56 - 2015-06-18 23:56 - 00000000 ____D C:\Users\MarvelousJ\AppData\Local\Microsoft Help
2015-06-18 23:56 - 2015-06-18 23:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-06-18 13:51 - 2015-06-18 13:51 - 00000000 ____D C:\Users\MarvelousJ\AppData\Roaming\WinRAR
2015-06-18 13:50 - 2015-06-18 13:50 - 00000000 ____D C:\Users\MarvelousJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-06-18 13:50 - 2015-06-18 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-06-18 13:50 - 2015-06-18 13:50 - 00000000 ____D C:\Program Files\WinRAR
2015-06-18 13:36 - 2015-06-18 13:36 - 00000170 _____ C:\INSTALL.LOG
2015-06-18 13:02 - 2015-06-18 13:02 - 00000524 _____ C:\Windows\QIII.INI
2015-06-18 13:02 - 2015-06-18 13:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake III Arena
2015-06-18 13:02 - 2015-06-18 13:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mplayer.com
2015-06-18 13:02 - 2015-06-18 13:02 - 00000000 ____D C:\Program Files (x86)\Quake III Arena
2015-06-18 13:02 - 2015-06-18 13:02 - 00000000 ____D C:\Program Files (x86)\Mplayer
2015-06-18 13:01 - 1999-10-09 17:30 - 00305152 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-06-18 07:16 - 2015-06-18 07:16 - 00000320 _____ C:\Users\MarvelousJ\Documents\autoexec.cfg
2015-06-18 06:51 - 2015-06-20 02:29 - 00007857 _____ C:\Users\MarvelousJ\Desktop\autoexec.cfg
2015-06-18 06:41 - 2015-06-18 07:15 - 00010273 _____ C:\Users\MarvelousJ\Desktop\config.cfg
2015-06-18 02:42 - 2015-06-18 02:43 - 00000000 ____D C:\Program Files\CCleaner
2015-06-18 02:42 - 2015-06-18 02:42 - 00002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-06-18 02:42 - 2015-06-18 02:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-18 02:39 - 2015-06-18 02:41 - 00000000 ____D C:\Users\MarvelousJ\AppData\Roaming\Winamp
2015-06-18 02:39 - 2015-06-18 02:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2015-06-18 02:39 - 2015-06-18 02:39 - 00000000 ____D C:\Program Files (x86)\Winamp
2015-06-18 01:40 - 2015-06-18 01:40 - 00000425 _____ C:\Users\MarvelousJ\Desktop\Starve Console.txt
2015-06-18 01:39 - 2015-06-18 01:39 - 00000000 ____D C:\Users\MarvelousJ\AppData\Roaming\dvdcss
2015-06-17 22:40 - 2015-06-17 22:47 - 00000295 _____ C:\Users\MarvelousJ\Desktop\New Text Document.txt
2015-06-17 10:30 - 2015-06-17 10:30 - 00000000 ____D C:\Users\MarvelousJ\Documents\Klei
2015-06-17 09:25 - 2015-06-17 09:33 - 00000773 _____ C:\Windows\Cm108.ini.imi
2015-06-17 09:25 - 2015-06-17 09:25 - 00000206 _____ C:\Windows\system\Cm108.ini
2015-06-17 09:25 - 2015-06-17 09:25 - 00000169 _____ C:\Windows\Cm108.ini.cfl
2015-06-17 09:25 - 2015-06-17 09:25 - 00000133 _____ C:\Windows\system\Dlap.pfx
2015-06-17 09:25 - 2015-06-17 09:25 - 00000000 ____D C:\Users\MarvelousJ\Desktop\SteelSeries_USB_Soundcard_1.0.4
2015-06-17 09:25 - 2014-11-19 21:39 - 08757248 ____N (C-Media Corporation) C:\Windows\SysWOW64\CM108.dll
2015-06-17 09:25 - 2014-11-19 21:39 - 01310720 _____ (C-Media Electronics Inc) C:\Windows\system32\Drivers\CM10864.sys
2015-06-17 09:25 - 2014-11-19 21:39 - 00820224 ____N C:\Windows\system32\Cmeau108.exe
2015-06-17 09:25 - 2014-11-19 21:39 - 00524768 _____ (Microsoft Corporation) C:\Windows\difxapi.dll
2015-06-17 09:25 - 2014-11-19 21:39 - 00389120 ____N () C:\Windows\system32\CM108.cpl
2015-06-17 09:25 - 2014-11-19 21:39 - 00359424 ____N C:\Windows\system32\CmiInstallResAll64.dll
2015-06-17 09:25 - 2014-11-19 21:39 - 00315392 _____ (C-Media Electronics Inc.) C:\Windows\system\fltr108.dll
2015-06-17 09:25 - 2014-11-19 21:39 - 00200704 ____N (C-Media) C:\Windows\SysWOW64\cmpa108.dll
2015-06-17 09:25 - 2014-11-19 21:39 - 00143360 ____N C:\Windows\Vmix108.dll
2015-06-17 09:25 - 2014-11-19 21:39 - 00001459 ____N C:\Windows\Cm108.ini.cfg
2015-06-17 09:25 - 2014-11-19 21:39 - 00001353 ____N C:\Windows\cm108.ini
2015-06-17 09:06 - 2015-06-17 09:06 - 00000000 ____D C:\Users\MarvelousJ\Documents\Gunz2
2015-06-17 09:06 - 2015-06-17 09:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-06-17 09:06 - 2015-06-17 09:06 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-06-17 07:27 - 2015-06-17 07:27 - 00000000 ____D C:\Users\MarvelousJ\AppData\Local\AMD
2015-06-17 07:27 - 2015-06-17 07:27 - 00000000 ____D C:\ProgramData\ATI
2015-06-17 07:26 - 2015-06-17 07:26 - 00058610 _____ C:\Windows\SysWOW64\CCCInstall_201506170726532498.log
2015-06-17 07:26 - 2015-06-17 07:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-06-17 07:26 - 2015-06-17 07:26 - 00000000 ____D C:\ProgramData\AMD
2015-06-17 07:26 - 2015-06-17 07:26 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2015-06-17 07:07 - 2015-06-17 07:07 - 00003042 _____ C:\Windows\System32\Tasks\{23D9FEBC-19C6-46CB-B6E0-C7A127C9EA21}
2015-06-17 06:43 - 2015-06-17 06:43 - 00000000 ____D C:\Users\MarvelousJ\Documents\Strife
2015-06-17 06:41 - 2015-06-18 04:25 - 00000000 ____D C:\Users\MarvelousJ\Documents\My Games
2015-06-17 06:36 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-06-17 06:36 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-06-17 06:36 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-06-17 06:36 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-06-17 06:36 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-06-17 06:36 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-06-17 06:36 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-06-17 06:36 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-06-17 06:36 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-06-17 06:36 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-06-17 06:36 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-06-17 06:36 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-06-17 06:36 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-06-17 06:36 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-06-17 06:36 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-06-17 06:36 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-06-17 06:36 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-06-17 06:36 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-06-17 06:36 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-06-17 06:36 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-06-17 06:36 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-06-17 06:36 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-06-17 06:36 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-06-17 06:36 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-06-17 06:36 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-06-17 06:36 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-06-17 06:36 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-06-17 06:36 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-06-17 06:36 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-06-17 06:36 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-06-17 06:36 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-06-17 06:36 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-06-17 06:36 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-06-17 06:36 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-06-17 06:36 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-06-17 06:36 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-06-17 06:36 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-06-17 06:36 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-06-17 06:36 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-06-17 06:36 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-06-17 06:36 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-06-17 06:36 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-06-17 06:36 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-06-17 06:36 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-06-17 06:36 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-06-17 06:36 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-06-17 06:36 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-06-17 06:36 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-06-17 06:36 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-06-17 06:36 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-06-17 06:36 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-06-17 06:36 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-06-17 06:36 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-06-17 06:36 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-06-17 06:36 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-06-17 06:36 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-06-17 06:36 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-06-17 06:36 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-06-17 06:36 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-06-17 06:36 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-06-17 06:36 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-06-17 06:36 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-06-17 06:36 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-06-17 06:36 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-06-17 06:36 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-06-17 06:36 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-06-17 06:36 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-06-17 06:36 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-06-17 06:36 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-06-17 06:36 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-06-17 06:36 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-06-17 06:36 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-06-17 06:36 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-06-17 06:36 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-06-17 06:36 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-06-17 06:36 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-06-17 06:36 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-06-17 06:36 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-06-17 06:36 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-06-17 06:36 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-06-17 06:36 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-06-17 06:36 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-06-17 06:36 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-06-17 06:36 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-06-17 06:36 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-06-17 06:36 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-06-17 06:36 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-06-17 06:36 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-06-17 06:36 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-06-17 06:36 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-06-17 06:36 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-06-17 06:36 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-06-17 06:36 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-06-17 06:36 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-06-17 06:36 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-06-17 06:36 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-06-17 06:36 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-06-17 06:36 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-06-17 06:36 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-06-17 06:36 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-06-17 06:36 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-06-17 06:36 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-06-17 06:36 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-06-17 06:36 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-06-17 06:36 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-06-17 06:36 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-06-17 06:36 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-06-17 06:36 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-06-17 06:36 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-06-17 06:36 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-06-17 06:36 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-06-17 06:36 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-06-17 06:36 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-06-17 06:36 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-06-17 06:36 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-06-17 06:36 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-06-17 06:36 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-06-17 06:36 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-06-17 06:36 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-06-17 06:36 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-06-17 06:36 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-06-17 06:36 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-06-17 06:36 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-06-17 06:36 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-06-17 06:36 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-06-17 06:36 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-06-17 06:36 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-06-17 06:35 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-06-17 06:35 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-06-17 06:35 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-06-17 06:35 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-06-17 06:35 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-06-17 06:35 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-06-17 06:35 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-06-17 06:35 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-06-17 06:35 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-06-17 06:35 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-06-17 06:35 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-06-17 06:35 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-06-17 06:35 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-06-17 06:35 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-06-17 06:35 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-06-17 06:35 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-06-17 06:35 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-06-17 06:35 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-06-17 06:35 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-06-17 06:35 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-06-17 06:35 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-06-17 06:35 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-06-17 06:35 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-06-17 06:35 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-06-17 06:35 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-06-17 06:35 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-06-17 06:35 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-06-17 06:35 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-06-17 06:35 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-06-17 06:35 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-06-17 06:35 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-06-17 06:35 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-06-17 06:35 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-06-17 06:35 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-06-14 17:04 - 2015-06-14 17:04 - 00000458 _____ C:\Users\MarvelousJ\Desktop\Local Disk (E) - Shortcut.lnk
2015-06-14 15:46 - 2015-06-14 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WG111v3 Smart Wizard
2015-06-14 15:46 - 2015-06-14 15:46 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2015-06-14 15:46 - 2015-06-14 15:46 - 00000000 ____D C:\OEMSettings
2015-06-14 15:45 - 2015-06-14 15:45 - 00000000 ____D C:\Windows\Downloaded Installations
2015-06-14 15:45 - 2015-06-14 15:45 - 00000000 ____D C:\Users\MarvelousJ\Desktop\WG111v3 Version 1.5.0 (North America)
2015-06-14 01:13 - 2015-06-29 01:43 - 00001908 _____ C:\Windows\diagwrn.xml
2015-06-14 01:13 - 2015-06-29 01:43 - 00001908 _____ C:\Windows\diagerr.xml
2015-06-14 00:25 - 2015-06-14 00:25 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-06-14 00:22 - 2015-06-14 00:22 - 00001075 _____ C:\Users\MarvelousJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2015-06-14 00:21 - 2015-06-14 00:22 - 00000000 ____D C:\Program Files\Adobe
2015-06-14 00:21 - 2015-06-14 00:21 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2015-06-14 00:20 - 2015-06-14 00:21 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-14 00:20 - 2015-06-14 00:20 - 00001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2015-06-14 00:20 - 2015-06-14 00:20 - 00001357 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2015-06-14 00:18 - 2015-06-14 00:22 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-06-14 00:08 - 2015-06-14 00:17 - 00001534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2015-06-14 00:07 - 2015-06-14 00:15 - 00000000 ____D C:\Users\MarvelousJ\Desktop\Adobe Application Manager 6.2
2015-06-14 00:07 - 2015-06-14 00:07 - 00000000 ____D C:\Users\MarvelousJ\Desktop\Manager
2015-06-14 00:05 - 2015-06-14 00:22 - 00000000 ____D C:\ProgramData\Adobe
2015-06-14 00:04 - 2015-06-14 00:25 - 00000000 ____D C:\Users\MarvelousJ\AppData\Local\Adobe
2015-06-11 23:04 - 2015-06-14 04:31 - 00000000 ____D C:\Windows\Minidump

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 01:06 - 2015-06-02 10:57 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-10 01:06 - 2015-06-02 09:31 - 00154107 _____ C:\Windows\WindowsUpdate.log
2015-07-10 01:04 - 2015-06-02 11:34 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-10 01:04 - 2015-06-02 09:56 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-07-10 01:03 - 2015-06-03 06:19 - 00000439 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-07-10 01:03 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-10 00:54 - 2015-06-02 09:35 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2626650183-1144114338-2090188982-1000UA.job
2015-07-10 00:46 - 2015-06-02 11:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-09 19:51 - 2015-06-02 09:44 - 00000000 ____D C:\Program Files\Core Temp
2015-07-09 17:16 - 2015-06-02 09:42 - 00000000 ____D C:\Users\MarvelousJ\AppData\Roaming\uTorrent
2015-07-09 16:54 - 2015-06-03 01:37 - 00000000 ____D C:\Users\MarvelousJ\AppData\Roaming\vlc
2015-07-09 09:53 - 2015-06-02 09:35 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2626650183-1144114338-2090188982-1000Core.job
2015-07-09 06:29 - 2015-06-03 04:57 - 00000000 ____D C:\ProgramData\Riot Games
2015-07-09 06:02 - 2015-06-02 10:37 - 00000000 ____D C:\Users\MarvelousJ\AppData\Local\Spotify
2015-07-09 06:01 - 2015-06-02 10:34 - 00000000 ____D C:\Users\MarvelousJ\AppData\Roaming\Spotify
2015-07-08 07:31 - 2009-07-14 01:13 - 00789450 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-07 17:28 - 2015-06-02 10:41 - 00000000 ____D C:\Program Files\Tor Browser
2015-06-29 04:43 - 2010-11-21 03:16 - 00000000 ____D C:\Windows\ShellNew
2015-06-29 00:33 - 2015-06-02 13:25 - 00000000 ____D C:\Windows\Panther
2015-06-28 08:43 - 2015-06-02 09:48 - 00802052 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-23 06:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-22 20:30 - 2009-07-14 00:45 - 05112216 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-19 20:13 - 2015-06-02 09:47 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-19 19:40 - 2015-06-02 09:35 - 00133472 _____ C:\Users\MarvelousJ\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-18 23:59 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-06-18 23:57 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-06-18 23:56 - 2009-07-13 22:34 - 00000478 _____ C:\Windows\win.ini
2015-06-18 02:29 - 2015-06-04 04:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2015
2015-06-18 02:29 - 2015-06-02 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-06-17 09:25 - 2015-06-02 10:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-17 09:25 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system
2015-06-17 07:26 - 2015-06-02 09:49 - 00000000 ____D C:\Program Files\AMD
2015-06-17 07:25 - 2015-06-02 09:46 - 00000000 ____D C:\Program Files\ATI Technologies
2015-06-17 07:24 - 2015-06-02 09:51 - 00000000 ____D C:\Program Files (x86)\AMD
2015-06-17 07:23 - 2015-06-02 09:45 - 00000000 ____D C:\AMD
2015-06-17 07:03 - 2009-07-14 00:45 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-17 07:03 - 2009-07-14 00:45 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-14 00:25 - 2015-06-02 10:52 - 00000000 ____D C:\Users\MarvelousJ\AppData\Roaming\Adobe

==================== Files in the root of some directories =======

2015-07-09 19:53 - 2015-07-09 19:53 - 0007646 _____ () C:\Users\MarvelousJ\AppData\Local\Resmon.ResmonCfg
2015-06-02 16:42 - 2015-06-02 16:42 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-07-09 16:46 - 2015-07-09 16:46 - 0000006 __RSH () C:\ProgramData\fb5382a616c4c270934d047ad549489e2bf34a9b

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-03 02:54

==================== End of log ============================

Edited by Oh My!, 13 July 2015 - 09:50 PM.


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,043 posts
  • Gender:Male
  • Location:California

Posted 13 July 2015 - 10:11 PM

Greetings asterik216 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please consider and do this.

Move FRST.exe onto your Desktop.

Running from E:\Downloads


Can you tell me if this looks familiar?

C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe


===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Rkill

-------------------
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:

Link 1
Link 2
Link 3
Link 4

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\clientsvr.exe" [X]
HKU\S-1-5-21-2626650183-1144114338-2090188982-1000\...\RunOnce: [System Monitor] => C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe [365568 2015-06-04] (Microsoft Corporation)
HKU\S-1-5-21-2626650183-1144114338-2090188982-1000\...\MountPoints2: F - F:\setup64.exe
HKU\S-1-5-21-2626650183-1144114338-2090188982-1000\...\Winlogon: [Shell] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe [365568 2015-06-04] (Microsoft Corporation) <==== ATTENTION
IFEO\AvastSvc.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\AvastUI.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avcenter.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avconfig.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avgcsrvx.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avgidsagent.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avgnt.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avgrsx.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avguard.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avgui.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avgwdsvc.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avp.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avscan.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\bdagent.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\blindman.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\ccuac.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\ComboFix.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\egui.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\hijackthis.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\instup.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\keyscrambler.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\mbam.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\mbamgui.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\mbampt.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\mbamservice.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\MpCmdRun.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\MSASCui.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\MsMpEng.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\msseces.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\rstrui.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\SDFiles.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\SDMain.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\SDWinSec.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\spybotsd.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\wireshark.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\zlclient.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
BHO: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CustomCLSID: HKU\S-1-5-21-2626650183-1144114338-2090188982-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\MarvelousJ\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Reply to Ui Mod installer.exe
  • RKill log
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

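The fixlist in the post above targets three registry settings: Image File Execution Options (IFEO) Debugger values, which make Windows start the named "debugger" in place of the program the key is named for, a per-user Winlogon Shell value, and an extra program appended to Userinit. The Python sketch below is an added example, not part of the original post and not FRST's own code; it classifies FRST-style lines of that shape. The sample lines are a subset copied from the fixlist plus one constructed line, and the function names and the path heuristic are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Subset of the fixlist lines from the post above, plus one constructed
# line (devenv.exe / windbg.exe) that the heuristic should not flag.
SAMPLE = r'''
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\clientsvr.exe" [X]
HKU\S-1-5-21-2626650183-1144114338-2090188982-1000\...\Winlogon: [Shell] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe [365568 2015-06-04] (Microsoft Corporation) <==== ATTENTION
IFEO\mbam.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\MsMpEng.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\rstrui.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\devenv.exe: [Debugger] C:\Program Files\Debugging Tools\windbg.exe
BHO: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
'''

# "<key>: [<value name>] <data>", with an optional "=> " before the data.
LINE = re.compile(r'^(?P<key>.+?): \[(?P<name>[^\]]+)\] (?:=> )?(?P<data>.+)$')
# Trailing annotations seen in the log: the ATTENTION marker, "[X]",
# and "[size date] (company)".
ATTENTION = re.compile(r'\s*<==== ATTENTION\s*$')
TRAILER = re.compile(r'\s+(\[X\]|\[\d+ \d{4}-\d{2}-\d{2}\].*)$')
# Assumed heuristic: a debugger living in one of these locations is suspect.
USER_WRITABLE = ('\\users\\', '\\programdata\\', '\\temp\\')


def parse(line):
    """Return (key, value_name, data) for a registry-style line, else None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    data = TRAILER.sub('', ATTENTION.sub('', m['data']))
    return m['key'], m['name'], data


def classify(key, name, data):
    """Name the persistence pattern a parsed line matches, or return None."""
    leaf = key.rsplit('\\', 1)[-1].lower()
    name = name.lower()
    if key.upper().startswith('IFEO\\') and name == 'debugger':
        if any(p in data.lower() for p in USER_WRITABLE):
            return 'ifeo-debugger-hijack'
    elif leaf == 'winlogon' and name == 'shell':
        # The expected shell is explorer.exe.
        if ntpath.basename(data).lower() != 'explorer.exe':
            return 'winlogon-shell-replaced'
    elif leaf == 'winlogon' and name == 'userinit':
        # Userinit is a comma-separated list; anything besides userinit.exe
        # is an additional program started at logon.
        parts = [p.strip().strip('"') for p in data.split(',') if p.strip()]
        if any(ntpath.basename(p).lower() != 'userinit.exe' for p in parts):
            return 'userinit-extra-program'
    return None


def analyze(text):
    """Return findings as (kind, subject, detail) tuples.

    IFEO findings are grouped per debugger path, with the list of
    intercepted image names as the detail.
    """
    findings = []
    blocked = defaultdict(list)  # debugger path -> images it intercepts
    for line in text.splitlines():
        parsed = parse(line)
        if not parsed:
            continue
        key, name, data = parsed
        kind = classify(key, name, data)
        if kind == 'ifeo-debugger-hijack':
            blocked[data].append(key.split('\\', 1)[1])
        elif kind:
            findings.append((kind, key, data))
    for debugger, images in blocked.items():
        findings.append(('ifeo-debugger-hijack', debugger,
                         sorted(images, key=str.lower)))
    return findings


if __name__ == '__main__':
    for kind, subject, detail in analyze(SAMPLE):
        print(kind, '|', subject, '|', detail)
```

Grouping by debugger path shows at a glance that one executable is registered against many security and recovery tools, which matches the symptom of those tools failing to start.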
#7 asterik216

asterik216
  • Topic Starter

  • Members
  • 14 posts

Posted 14 July 2015 - 07:13 PM

Attached File  Fixlog.txt   9.5KB   1 downloads
 
Attached File  JRT.txt   1.17KB   2 downloads
 
Attached File  Rkill.txt   3.63KB   1 downloads
 

 
Attached File  AdwCleanerS0.txt   1.88KB   1 downloads
 
Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by MarvelousJ at 2015-07-14 19:15:41 Run:1
Running from C:\Users\MarvelousJ\Desktop
Loaded Profiles: MarvelousJ (Available Profiles: MarvelousJ)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\clientsvr.exe" [X]
HKU\S-1-5-21-2626650183-1144114338-2090188982-1000\...\RunOnce: [System Monitor] => C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe [365568 2015-06-04] (Microsoft Corporation)
HKU\S-1-5-21-2626650183-1144114338-2090188982-1000\...\MountPoints2: F - F:\setup64.exe
HKU\S-1-5-21-2626650183-1144114338-2090188982-1000\...\Winlogon: [Shell] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe [365568 2015-06-04] (Microsoft Corporation) <==== ATTENTION
IFEO\AvastSvc.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\AvastUI.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avcenter.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avconfig.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avgcsrvx.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avgidsagent.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avgnt.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avgrsx.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avguard.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avgui.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avgwdsvc.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avp.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\avscan.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\bdagent.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\blindman.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\ccuac.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\ComboFix.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\egui.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\hijackthis.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\instup.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\keyscrambler.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\mbam.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\mbamgui.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\mbampt.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\mbamservice.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\MpCmdRun.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\MSASCui.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\MsMpEng.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\msseces.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\rstrui.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\SDFiles.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\SDMain.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\SDWinSec.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\spybotsd.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\wireshark.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
IFEO\zlclient.exe: [Debugger] C:\Users\MarvelousJ\Desktop\Ui Mod installer.exe
BHO: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CustomCLSID: HKU\S-1-5-21-2626650183-1144114338-2090188982-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\MarvelousJ\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
HKU\S-1-5-21-2626650183-1144114338-2090188982-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\System Monitor => value not found.
"HKU\S-1-5-21-2626650183-1144114338-2090188982-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully
HKU\S-1-5-21-2626650183-1144114338-2090188982-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe => key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgidsagent.exe" => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avscan.exe => key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe" => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\blindman.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe => key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe" => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe" => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDFiles.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDMain.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDWinSec.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}" => key removed successfully
HKCR\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} => key not found.
HKCR\Wow6432Node\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} => key not found.
VGPU => Service removed successfully
HKU\S-1-5-21-2626650183-1144114338-2090188982-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key not found.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.

==== End of Fixlog 19:15:42 ====

# AdwCleaner v4.111 - Logfile created 11/07/2015 at 20:33:25
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Local]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : MarvelousJ - MARVELOUSJ-PC
# Running from : C:\Users\MarvelousJ\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Google Chrome v

[C:\Users\MarvelousJ\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\MarvelousJ\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://rts.dsrlte.com/?affID=na&q={searchTerms}&r=579
[C:\Users\MarvelousJ\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=22176&r=2015/02/27&hid=15005805675469348629&lg=EN&cc=US&unqvl=84
[C:\Users\MarvelousJ\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\MarvelousJ\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333606&octid=EB_ORIGINAL_CTID&ISID=MC5DB7D08-B6EB-414E-BBCD-D3A2D23CA01E&SearchSource=58&CUI=&UM=8&UP=SP94AECA1C-7525-438B-83E3-D49FC217AF13&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [1852 bytes] - [11/07/2015 20:32:07]
AdwCleaner[S0].txt - [1791 bytes] - [11/07/2015 20:33:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1850  bytes] ##########

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/11/2015 08:15:43 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\ProgramData\376948\sysmon.exe (PID: 3660) [AU-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Backup Registry file created at:
 C:\Users\MarvelousJ\Desktop\rkill\rkill-07-11-2015-08-15-57.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Modified HKCU\...\Winlogon: [Shell] => explorer.exe,"C:\ProgramData\376948\sysmon.exe"

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * C:\Windows\System32\user32.dll : 1,008,640 : 06/02/2015 09:31 AM : 2c353b6ce0c8d03225caa2af33b68d79 [NoSig]
 +-> C:\Windows\SysWOW64\user32.dll : 833,024 : 06/02/2015 09:31 AM : 861c4346f9281dc0380de72c8d55d6be [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1,008,128 : 11/20/2010 11:24 PM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833,024 : 11/20/2010 11:24 PM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]

Checking HOSTS File:

 * No issues found.

Program finished at: 07/11/2015 08:16:10 PM
Execution time: 0 hours(s), 0 minute(s), and 26 seconds(s)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.4 (07.11.2015:2)
OS: Windows 7 Ultimate x64
Ran by MarvelousJ on Sat 07/11/2015 at 22:19:17.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] C:\ProgramData\376948
Successfully deleted: [Folder] C:\ProgramData\377048



~~~ Chrome


[C:\Users\MarvelousJ\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\MarvelousJ\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\MarvelousJ\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\MarvelousJ\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/11/2015 at 22:22:08.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by Oh My!, 14 July 2015 - 09:01 PM.


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,043 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:18 PM

Posted 14 July 2015 - 08:13 PM

Greetings,

 

We need to adjust a few things.
 

Please be sure to copy and paste any requested log information unless you are asked to attach it.

 

Reply to Ui Mod installer.exe

 

Regarding the System Summary, please save it with the default file extension rather than change it to .txt.

 

Thank you.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 asterik216


Posted 14 July 2015 - 08:56 PM

I cannot upload a .nfo; I do not have permission to do that. I also do not have permission to paste a ton of text from the logs. The only way it lets me get them for you to view is by attaching them.



#10 Oh My!


Posted 14 July 2015 - 09:04 PM

The System Summary file was too large.

How is your computer running now?
Gary
 

#11 asterik216


Posted 15 July 2015 - 08:54 PM

It seems kinda alright now. I do happen to have some .exe's on my desktop that are disabled so I couldn't use them. Well, I can't delete them. It says I don't have permission and it won't let me take ownership of them.



#12 Oh My!


Posted 15 July 2015 - 08:57 PM

What are the file names? Is Ui Mod installer.exe one of them?


Gary
 

#13 asterik216


Posted 15 July 2015 - 11:44 PM

HijackThis.exe and HijackThis (2).exe. I also cannot install Malwarebytes. It gives me a runtime error: External exception E06D7363

Also it won't even let me close out the window that pops up from the error. I have to go into processes and end task that way.


Edited by asterik216, 15 July 2015 - 11:45 PM.


#14 Oh My!


Posted 16 July 2015 - 08:31 AM

OK, do this.

===================================================

GrantPerms by Farbar

--------------------
  • Download GrantPerms for either 32 bit or 64 bit systems and save it to your desktop
  • Unzip the file and launch the program
  • Copy and paste the following in the edit box:

C:\Users\MarvelousJ\Desktop\HijackThis.exe
C:\Users\MarvelousJ\Desktop\HijackThis (2).exe

  • Click Unlock. When it is done click OK
  • Click List Permissions and copy/paste the results of the Perms.txt document in your reply
  • Attempt to delete the files
===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Malwarebytes
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
  • Download Malwarebytes from here and attempt to install it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Were you able to delete the icons?
  • Did Malwarebytes install properly?

Gary
 

#15 Oh My!


Posted 19 July 2015 - 08:22 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 