Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Something is wrong!


  • This topic is locked This topic is locked
12 replies to this topic

#1 jimmysnack

jimmysnack

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 03 October 2015 - 04:04 PM

Help! Recently my chrome crashes periodically with multiple chrome icons in the taskbar, I did some scans with JRT and Roguekiller. The problem keeps reappearing. I found some issues with IAT hooks but I'm not sure about what to do.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Jimmy Makers on 01/10/2015 at 11:57:51.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_5BBFB23A0C51338D45901EB64AD8FCF0
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Jimmy Makers\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Jimmy Makers\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Jimmy Makers\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Jimmy Makers\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/10/2015 at 12:08:35.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RogueKiller V10.10.7.0 (x64) [Sep 28 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jimmy Makers [Administrator]
Started from : C:\Users\Jimmy Makers\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 10/03/2015 01:19:54
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 8 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\X6va005 (\??\C:\Users\JIMMYM~1\AppData\Local\Temp\00535A4.tmp) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\X6va007 (\??\C:\Users\JIMMYM~1\AppData\Local\Temp\007605A.tmp) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\X6va005 (\??\C:\Users\JIMMYM~1\AppData\Local\Temp\00535A4.tmp) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\X6va007 (\??\C:\Users\JIMMYM~1\AppData\Local\Temp\007605A.tmp) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\X6va005 (\??\C:\Users\JIMMYM~1\AppData\Local\Temp\00535A4.tmp) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\X6va007 (\??\C:\Users\JIMMYM~1\AppData\Local\Temp\007605A.tmp) -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3348164379-2074273684-1757593965-1003\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3348164379-2074273684-1757593965-1003\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer.msn.com  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 22 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll.dll - NtReadFile : Unknown @ 0x71580022 (ret|jmp dword [0x7158001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll.dll - NtWriteFile : Unknown @ 0x71600022 (ret|jmp dword [0x7160001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNELBASE.dll) ntdll.dll - NtRemoveIoCompletion : Unknown @ 0x71400022 (ret|jmp dword [0x7140001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ rooksbas.dll) kernel32.dll - CloseHandle : Unknown @ 0x71500022 (ret|jmp dword [0x7150001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ rooksbas.dll) kernel32.dll - DuplicateHandle : Unknown @ 0x71440022 (ret|jmp dword [0x7144001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ rooksbas.dll) kernel32.dll - CreateProcessW : Unknown @ 0x714c0022 (ret|jmp dword [0x714c001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ rooksbas.dll) kernel32.dll - SetUnhandledExceptionFilter : Unknown @ 0x71ae0022 (ret|jmp dword [0x71ae001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ rooksbas.dll) USER32.dll - PeekMessageW : Unknown @ 0x719b0022 (ret|jmp dword [0x719b001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ rooksbas.dll) USER32.dll - TranslateMessage : Unknown @ 0x71690022 (ret|jmp dword [0x7169001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ rooksbas.dll) USER32.dll - ShowWindow : Unknown @ 0x716d0022 (ret|jmp dword [0x716d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ SHLWAPI.dll) USER32.dll - SetWindowLongW : Unknown @ 0x71750022 (ret|jmp dword [0x7175001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ SHLWAPI.dll) USER32.dll - SetParent : Unknown @ 0x71790022 (ret|jmp dword [0x7179001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ USER32.dll) GDI32.dll - BitBlt : Unknown @ 0x71890022 (ret|jmp dword [0x7189001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ SHELL32.dll) USER32.dll - GetClipboardData : Unknown @ 0x717f0022 (ret|jmp dword [0x717f001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ SHELL32.dll) USER32.dll - SetWindowPos : Unknown @ 0x71710022 (ret|jmp dword [0x7171001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ SHELL32.dll) USER32.dll - BeginPaint : Unknown @ 0x71850022 (ret|jmp dword [0x7185001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ SHELL32.dll) kernel32.dll - CreateIoCompletionPort : Unknown @ 0x715c0022 (ret|jmp dword [0x715c001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ WINTRUST.dll) CRYPT32.dll - CertVerifyCertificateChainPolicy : Unknown @ 0x718d0022 (ret|jmp dword [0x718d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ RapportUtil.dll) WS2_32.dll - getaddrinfo : Unknown @ 0x71650022 (jmp 0xfaeabd8c|jmp dword [0x7165001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ chrome.dll) ADVAPI32.dll - CreateProcessAsUserW : Unknown @ 0x71480022 (ret|jmp dword [0x7148001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ chrome.dll) kernel32.dll - CreateNamedPipeW : Unknown @ 0x71540022 (ret|jmp dword [0x7154001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ WININET.dll) kernel32.dll - SetFileCompletionNotificationModes : Unknown @ 0x713c0022 (ret|jmp dword [0x713c001e]|jmp 0x10)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10 EARS-22Y5B1 SCSI Disk Device +++++
--- User ---
[MBR] 0f2f0dcf3e083d78788e4c2ba4af422a
[BSP] 9ecc7c73e0c59a98c85ff7b4d12c2dd1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 32770048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 32974848 | Size: 937767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Multiple Flash Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 

 



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:35 PM

Posted 04 October 2015 - 08:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please run the RogueKiller tool and clean these items.
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\X6va005 (\??\C:\Users\JIMMYM~1\AppData\Local\Temp\00535A4.tmp) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\X6va007 (\??\C:\Users\JIMMYM~1\AppData\Local\Temp\007605A.tmp) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\X6va005 (\??\C:\Users\JIMMYM~1\AppData\Local\Temp\00535A4.tmp) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\X6va007 (\??\C:\Users\JIMMYM~1\AppData\Local\Temp\007605A.tmp) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\X6va005 (\??\C:\Users\JIMMYM~1\AppData\Local\Temp\00535A4.tmp) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\X6va007 (\??\C:\Users\JIMMYM~1\AppData\Local\Temp\007605A.tmp) -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3348164379-2074273684-1757593965-1003\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3348164379-2074273684-1757593965-1003\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer.msn.com -> Found


===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===


How is the computer running now?
Wait for further instructions.

#3 jimmysnack

jimmysnack
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 05 October 2015 - 01:17 PM

RogueKiller V10.10.7.0 (x64) [Sep 28 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jimmy Makers [Administrator]
Started from : C:\Users\Jimmy Makers\Downloads\RogueKillerX64.exe
Mode : Delete -- Date : 10/04/2015 12:52:22
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 12 ¤¤¤
[PUP] (X64) HKEY_USERS\S-1-5-21-3348164379-2074273684-1757593965-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {CCC7A320-B3CA-4199-B1A6-9F516DD69829} :   -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-3348164379-2074273684-1757593965-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {CCC7A320-B3CA-4199-B1A6-9F516DD69829} :   -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\X6va005 (\??\C:\Users\JIMMYM~1\AppData\Local\Temp\00535A4.tmp) -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\X6va007 (\??\C:\Users\JIMMYM~1\AppData\Local\Temp\007605A.tmp) -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\X6va005 (\??\C:\Users\JIMMYM~1\AppData\Local\Temp\00535A4.tmp) -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\X6va007 (\??\C:\Users\JIMMYM~1\AppData\Local\Temp\007605A.tmp) -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\X6va005 (\??\C:\Users\JIMMYM~1\AppData\Local\Temp\00535A4.tmp) -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\X6va007 (\??\C:\Users\JIMMYM~1\AppData\Local\Temp\007605A.tmp) -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3348164379-2074273684-1757593965-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://acer.msn.com  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3348164379-2074273684-1757593965-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://acer.msn.com  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3348164379-2074273684-1757593965-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer.msn.com  -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3348164379-2074273684-1757593965-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer.msn.com  -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 22 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll.dll - NtReadFile : Unknown @ 0x71580022 (ret|jmp dword [0x7158001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll.dll - NtWriteFile : Unknown @ 0x71600022 (ret|jmp dword [0x7160001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNELBASE.dll) ntdll.dll - NtRemoveIoCompletion : Unknown @ 0x71400022 (ret|jmp dword [0x7140001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ rooksbas.dll) kernel32.dll - CloseHandle : Unknown @ 0x71500022 (ret|jmp dword [0x7150001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ rooksbas.dll) kernel32.dll - DuplicateHandle : Unknown @ 0x71440022 (ret|jmp dword [0x7144001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ rooksbas.dll) kernel32.dll - CreateProcessW : Unknown @ 0x714c0022 (ret|jmp dword [0x714c001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ rooksbas.dll) kernel32.dll - SetUnhandledExceptionFilter : Unknown @ 0x71ae0022 (ret|jmp dword [0x71ae001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ rooksbas.dll) USER32.dll - PeekMessageW : Unknown @ 0x719b0022 (ret|jmp dword [0x719b001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ rooksbas.dll) USER32.dll - TranslateMessage : Unknown @ 0x71690022 (ret|jmp dword [0x7169001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ rooksbas.dll) USER32.dll - ShowWindow : Unknown @ 0x716d0022 (ret|jmp dword [0x716d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ SHLWAPI.dll) USER32.dll - SetWindowLongW : Unknown @ 0x71750022 (ret|jmp dword [0x7175001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ SHLWAPI.dll) USER32.dll - SetParent : Unknown @ 0x71790022 (ret|jmp dword [0x7179001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ USER32.dll) GDI32.dll - BitBlt : Unknown @ 0x71890022 (ret|jmp dword [0x7189001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ SHELL32.dll) USER32.dll - GetClipboardData : Unknown @ 0x717f0022 (ret|jmp dword [0x717f001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ SHELL32.dll) USER32.dll - SetWindowPos : Unknown @ 0x71710022 (ret|jmp dword [0x7171001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ SHELL32.dll) USER32.dll - BeginPaint : Unknown @ 0x71850022 (ret|jmp dword [0x7185001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ SHELL32.dll) kernel32.dll - CreateIoCompletionPort : Unknown @ 0x715c0022 (ret|jmp dword [0x715c001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ WINTRUST.dll) CRYPT32.dll - CertVerifyCertificateChainPolicy : Unknown @ 0x718d0022 (ret|jmp dword [0x718d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ RapportUtil.dll) WS2_32.dll - getaddrinfo : Unknown @ 0x71650022 (jmp 0xfa84bd8c|jmp dword [0x7165001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ chrome.dll) ADVAPI32.dll - CreateProcessAsUserW : Unknown @ 0x71480022 (ret|jmp dword [0x7148001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ chrome.dll) kernel32.dll - CreateNamedPipeW : Unknown @ 0x71540022 (ret|jmp dword [0x7154001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ WININET.dll) kernel32.dll - SetFileCompletionNotificationModes : Unknown @ 0x713c0022 (ret|jmp dword [0x713c001e]|jmp 0x10)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10 EARS-22Y5B1 SCSI Disk Device +++++
--- User ---
[MBR] 0f2f0dcf3e083d78788e4c2ba4af422a
[BSP] 9ecc7c73e0c59a98c85ff7b4d12c2dd1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 32770048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 32974848 | Size: 937767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Multiple Flash Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 04/10/2015
Scan Time: 11:42 AM
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.10.04.03
Rootkit Database: v2015.10.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jimmy Makers
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 532184
Time Elapsed: 1 hr, 48 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
# AdwCleaner v5.008 - Logfile created 05/10/2015 at 13:59:53
# Updated 18/09/2015 by Xplode
# Database : 2015-10-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Jimmy Makers - OWNER-PC
# Running from : C:\Users\Jimmy Makers\Desktop\adwcleaner_5.008.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{525F116F-04AD-40A2-AE2F-A0C4E1AFEF98}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9852A670-F845-491B-9BE6-EBD841B8A613}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ACE4747B-35BD-4E97-9DD7-1D4245B0695C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CE77C59C-CFD2-429F-868C-8B04D23F94CA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F544E0F5-CA3C-47EA-A64D-35FCF1602396}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{525F116F-04AD-40A2-AE2F-A0C4E1AFEF98}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9852A670-F845-491B-9BE6-EBD841B8A613}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{ACE4747B-35BD-4E97-9DD7-1D4245B0695C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CE77C59C-CFD2-429F-868C-8B04D23F94CA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F544E0F5-CA3C-47EA-A64D-35FCF1602396}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Jimmy Makers\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=48&CUI=UN42194828952316214&UM=2&UP=SPA984A314-EE1F-4BBD-89B3-422104DA63C6&SSPV=
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1761 bytes] ##########

Performing the farbar scan soon, chrome still crashing :(



#4 jimmysnack

jimmysnack
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 05 October 2015 - 11:48 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Jimmy Makers (administrator) on OWNER-PC (06-10-2015 00:41:50)
Running from C:\Users\Jimmy Makers\Downloads
Loaded Profiles: Jimmy Makers (Available Profiles: OWNER & Jimmy Makers)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
() C:\Program Files (x86)\D-Link\DWA-160\ANIWConnService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLaunchaer.exe
(Akamai Technologies, Inc.) C:\Users\Jimmy Makers\AppData\Local\Akamai\netsession_win.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Akamai Technologies, Inc.) C:\Users\Jimmy Makers\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-160\AirNCFG.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Jimmy Makers\Desktop\Gam\League of Legends  1100\RADS\system\rads_user_kernel.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Jimmy Makers\Desktop\Gam\League of Legends  1100\RADS\projects\lol_launcher\releases\0.0.1.0\deploy\LoLLauncher.exe
() C:\Users\Jimmy Makers\Desktop\Gam\League of Legends  1100\RADS\projects\lol_patcher\releases\0.0.0.40\deploy\LoLPatcher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Users\Jimmy Makers\Desktop\Gam\League of Legends  1100\RADS\projects\lol_air_client\releases\0.0.1.161\deploy\LolClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [2306448 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [614400 2009-08-14] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [D-Link D-Link DWA-125] => C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe [1074496 2011-06-10] (D-Link Corp.)
HKLM-x32\...\Run: [D-Link D-Link Wireless N Dual Band DWA-160 ] => C:\Program Files (x86)\D-Link\DWA-160\AirNCFG.exe [1078592 2011-11-02] (D-Link Corp.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [EsternTimesMouseExRun] => C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe [3353600 2014-01-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\...\Run: [Akamai NetSession Interface] => C:\Users\Jimmy Makers\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\...\Run: [Google Update] => C:\Users\Jimmy Makers\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\...\Run: [GoogleChromeAutoLaunch_5BBFB23A0C51338D45901EB64AD8FCF0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-23] (Google Inc.)
HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\...\MountPoints2: {b876c32e-35c0-11e2-962e-00262d4b032d} - G:\LGAutoRun.exe
HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
IFEO\airncfg.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ausetting.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\d-link wizard.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\greg.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\hamachi-2-ui.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ncc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\xboxstat.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-26] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-26] (Egis Technology Inc.)
Startup: C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-02-24]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{0413CD04-824E-4C5A-B7BF-80E234A5FBBA}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{0B47D2C2-3636-4E51-B6DA-6EEF1042FFAC}: [NameServer] 208.67.222.222
Tcpip\..\Interfaces\{85473FFC-EBED-4468-B993-6D977625DA98}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{94FDE99B-FFC9-43BF-A42C-593A858262C8}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {552D5E29-A788-89DA-D0C9-455E1A0F6995} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3348164379-2074273684-1757593965-1003 -> DefaultScope {7844EA92-848C-4B9D-B721-C7322A9108B3} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3348164379-2074273684-1757593965-1003 -> Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}
SearchScopes: HKU\S-1-5-21-3348164379-2074273684-1757593965-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3348164379-2074273684-1757593965-1003 -> {7844EA92-848C-4B9D-B721-C7322A9108B3} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-01] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-01] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2013-10-03] (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3348164379-2074273684-1757593965-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jimmy Makers\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3348164379-2074273684-1757593965-1003: @talk.google.com/O1DPlugin -> C:\Users\Jimmy Makers\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3348164379-2074273684-1757593965-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Jimmy Makers\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3348164379-2074273684-1757593965-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Jimmy Makers\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3348164379-2074273684-1757593965-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jimmy Makers\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-11-12] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll [2010-07-28] (NHN USA Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jimmy Makers\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jimmy Makers\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=48&CUI=UN42194828952316214&UM=2&UP=SPA984A314-EE1F-4BBD-89B3-422104DA63C6&SSPV=
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Jimmy Makers\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Jimmy Makers\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Jimmy Makers\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-16]
CHR Extension: (YouTube) - C:\Users\Jimmy Makers\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-16]
CHR Extension: (Adblock Plus) - C:\Users\Jimmy Makers\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-16]
CHR Extension: (Google Search) - C:\Users\Jimmy Makers\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-16]
CHR Extension: (Tampermonkey) - C:\Users\Jimmy Makers\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-12-01]
CHR Extension: (LoungeDestroyer) - C:\Users\Jimmy Makers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2014-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\Jimmy Makers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jimmy Makers\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jimmy Makers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-16]
CHR Extension: (Gmail) - C:\Users\Jimmy Makers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-16]
CHR HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-06] () [File not signed]
S4 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
R2 D-Link Wireless N Dual Band DWA-160 _WPS; C:\Program Files (x86)\D-Link\DWA-160\ANIWConnService.exe [53248 2010-07-12] () [File not signed]
S4 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-07-12] () [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4012424 2010-11-23] (INCA Internet Co., Ltd.) [File not signed]
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-22] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2014-08-01] ()
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-09-16] (IBM Corp.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2973400 2015-08-04] (AVG Technologies)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [44760 2015-08-04] (AVG Technologies)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [36568 2015-08-04] (AVG Technologies)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [666720 2012-11-15] (Wellbia.com Co., Ltd.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313264 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1660480 2011-09-09] (Ralink Technology Corp.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) [File not signed]
R1 RapportCerberus_1507072; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507072.sys [959416 2015-09-21] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500184 2015-09-16] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-09-16] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-09-16] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489240 2015-09-16] (IBM Corp.)
S2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-02-23] (Samsung Electronics)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 uqk; \??\C:\koramgame\STOnline\avital\wyqku64.sys [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-06 00:41 - 2015-10-06 00:42 - 00030241 _____ C:\Users\Jimmy Makers\Downloads\FRST.txt
2015-10-06 00:32 - 2015-10-06 00:41 - 00000000 ____D C:\FRST
2015-10-05 18:55 - 2015-10-05 18:56 - 00000000 ____D C:\Users\OWNER\AppData\Local\{CC825049-33C3-4598-9E6C-3934BE3C7148}
2015-10-05 14:16 - 2015-10-05 14:16 - 02193920 _____ (Farbar) C:\Users\Jimmy Makers\Downloads\FRST64.exe
2015-10-04 09:04 - 2015-10-04 09:05 - 00000000 ____D C:\Users\OWNER\AppData\Local\{391C128E-29A6-4767-9A57-72137D76C0D6}
2015-10-03 23:05 - 2015-10-04 16:30 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-03 23:04 - 2015-10-03 23:04 - 00001070 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-03 23:04 - 2015-10-03 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-03 23:04 - 2015-10-03 23:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-03 23:04 - 2015-10-03 23:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-03 23:04 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-03 23:04 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-03 23:04 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-10-03 02:12 - 2015-10-05 14:08 - 00020468 _____ C:\Users\Jimmy Makers\Desktop\rk_9042.tmp.txt
2015-10-02 22:32 - 2015-10-02 22:32 - 00001888 _____ C:\Users\Jimmy Makers\Downloads\ATT00001.htm
2015-10-02 14:47 - 2015-10-05 13:25 - 00000000 ____D C:\Users\Jimmy Makers\AppData\Local\CrashDumps
2015-10-02 13:27 - 2015-10-02 13:27 - 00002762 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2015-10-01 02:42 - 2015-10-04 11:40 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-10-01 02:42 - 2015-10-01 02:54 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-01 02:10 - 2015-10-01 02:10 - 22749768 _____ C:\Users\Jimmy Makers\Downloads\RogueKillerX64.exe
2015-10-01 01:25 - 2015-10-01 01:25 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Jimmy Makers\Downloads\tdsskiller.exe
2015-09-27 11:19 - 2015-09-27 11:20 - 00000000 ____D C:\Users\OWNER\AppData\Local\{53D92F5C-47AA-4D21-BF27-7E2FD8FDD122}
2015-09-23 17:02 - 2015-10-05 13:59 - 00000000 ____D C:\AdwCleaner
2015-09-23 16:57 - 2015-09-23 16:57 - 01662976 _____ C:\Users\Jimmy Makers\Desktop\adwcleaner_5.008.exe
2015-09-23 15:57 - 2015-09-23 15:57 - 01800512 _____ (Malwarebytes) C:\Users\Jimmy Makers\Desktop\JRT.exe
2015-09-21 18:26 - 2015-09-21 18:26 - 00000000 ____D C:\Recovery
2015-09-19 18:06 - 2015-09-19 18:07 - 00000000 ____D C:\Users\OWNER\AppData\Local\{D4D16317-A146-4070-9E6B-F91DE28B1F40}
2015-09-19 00:45 - 2015-10-03 02:14 - 00000000 ____D C:\Users\Jimmy Makers\Desktop\PSYD51
2015-09-15 01:44 - 2015-10-03 13:05 - 00000000 ____D C:\Users\Jimmy Makers\Desktop\PSYD20
2015-09-13 13:12 - 2015-09-13 13:13 - 00000000 ____D C:\Users\OWNER\AppData\Local\{3276A957-910E-4091-B363-CB09DAF87439}
2015-09-13 12:27 - 2015-09-23 16:01 - 00000000 ____D C:\Users\Jimmy Makers\Desktop\PSYB20
2015-09-10 02:58 - 2015-09-24 10:16 - 00000000 ___HD C:\$Windows.~BT
2015-09-09 00:33 - 2015-08-17 21:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 00:33 - 2015-08-17 21:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 00:33 - 2015-08-15 02:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 00:33 - 2015-08-15 02:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 00:33 - 2015-08-15 02:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 00:33 - 2015-08-15 02:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 00:33 - 2015-08-15 02:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 00:33 - 2015-08-15 02:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 00:33 - 2015-08-15 02:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 00:33 - 2015-08-15 02:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 00:33 - 2015-08-15 02:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 00:33 - 2015-08-15 02:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 00:33 - 2015-08-15 02:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 00:33 - 2015-08-15 02:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 00:33 - 2015-08-15 02:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 00:33 - 2015-08-15 02:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 00:33 - 2015-08-15 02:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 00:33 - 2015-08-15 02:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 00:33 - 2015-08-15 02:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 00:33 - 2015-08-15 02:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 00:33 - 2015-08-15 01:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 00:33 - 2015-08-15 01:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-09 00:33 - 2015-08-15 01:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 00:33 - 2015-08-15 01:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 00:33 - 2015-08-15 01:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 00:33 - 2015-08-15 01:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 00:33 - 2015-08-15 01:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 00:33 - 2015-08-15 01:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-09 00:33 - 2015-08-15 01:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-09 00:33 - 2015-08-15 01:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 00:33 - 2015-08-15 01:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-09 00:33 - 2015-08-15 01:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-09 00:33 - 2015-08-15 01:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 00:33 - 2015-08-15 01:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-09 00:33 - 2015-08-15 01:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-09 00:33 - 2015-08-15 01:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-09 00:33 - 2015-08-15 01:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 00:33 - 2015-08-15 01:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-09 00:33 - 2015-08-15 01:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-09 00:33 - 2015-08-15 01:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 00:33 - 2015-08-15 01:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 00:33 - 2015-08-15 01:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 00:33 - 2015-08-15 01:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 00:33 - 2015-08-15 01:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-09 00:33 - 2015-08-15 01:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 00:33 - 2015-08-15 01:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-09 00:33 - 2015-08-15 01:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-09 00:33 - 2015-08-15 01:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-09 00:33 - 2015-08-15 01:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-09 00:33 - 2015-08-15 01:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 00:33 - 2015-08-15 01:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 00:33 - 2015-08-15 01:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 00:33 - 2015-08-15 01:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 00:33 - 2015-08-15 01:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 00:33 - 2015-08-15 01:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-09 00:33 - 2015-08-15 00:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 00:33 - 2015-08-15 00:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 00:33 - 2015-08-15 00:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 00:33 - 2015-08-15 00:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 00:33 - 2015-08-15 00:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 00:08 - 2015-08-05 13:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 00:08 - 2015-08-05 13:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 00:08 - 2015-08-05 13:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 00:08 - 2015-08-05 13:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-09 00:08 - 2015-07-09 13:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-09 00:08 - 2015-07-09 13:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-09 00:08 - 2015-07-09 13:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-09 00:08 - 2015-07-09 13:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-09 00:06 - 2015-06-25 06:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-09 00:06 - 2015-06-25 06:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 00:06 - 2015-06-25 06:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-09 00:06 - 2015-06-25 05:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-09 00:04 - 2015-07-14 23:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-09 00:04 - 2015-07-14 22:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-09 00:02 - 2015-08-04 14:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-09 00:02 - 2015-08-04 14:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-09 00:02 - 2015-08-04 13:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 00:02 - 2015-08-04 13:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 00:02 - 2015-08-04 13:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 00:02 - 2015-08-04 13:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 00:02 - 2015-08-04 13:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 00:02 - 2015-08-04 13:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-09 00:02 - 2015-08-04 12:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-08 23:30 - 2015-07-22 20:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-08 23:30 - 2015-07-22 20:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-08 23:30 - 2015-07-22 20:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-08 23:30 - 2015-07-22 20:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-08 23:30 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-08 23:30 - 2015-07-22 13:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-08 23:30 - 2015-07-22 12:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-08 23:29 - 2015-07-22 20:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-08 23:29 - 2015-07-22 20:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-08 23:29 - 2015-07-22 20:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-08 23:29 - 2015-07-22 20:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-08 23:29 - 2015-07-22 20:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-08 23:29 - 2015-07-22 20:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-08 23:29 - 2015-07-22 20:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-08 23:29 - 2015-07-22 20:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-08 23:29 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-08 23:29 - 2015-07-22 20:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-08 23:29 - 2015-07-22 20:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-08 23:29 - 2015-07-22 20:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-08 23:29 - 2015-07-22 20:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-08 23:29 - 2015-07-22 20:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-08 23:29 - 2015-07-22 20:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-08 23:29 - 2015-07-22 20:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-08 23:29 - 2015-07-22 20:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-08 23:29 - 2015-07-22 20:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-08 23:29 - 2015-07-22 20:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-08 23:29 - 2015-07-22 20:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-08 23:29 - 2015-07-22 20:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-08 23:29 - 2015-07-22 20:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-08 23:29 - 2015-07-22 20:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-08 23:29 - 2015-07-22 20:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-08 23:29 - 2015-07-22 20:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-08 23:29 - 2015-07-22 20:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-08 23:29 - 2015-07-22 20:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-08 23:29 - 2015-07-22 20:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-08 23:29 - 2015-07-22 20:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-08 23:29 - 2015-07-22 20:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-08 23:29 - 2015-07-22 19:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-08 23:29 - 2015-07-22 13:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-08 23:29 - 2015-07-22 13:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-08 23:29 - 2015-07-22 13:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-08 23:29 - 2015-07-22 13:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-08 23:29 - 2015-07-22 13:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-08 23:29 - 2015-07-22 13:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-08 23:29 - 2015-07-22 13:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-08 23:29 - 2015-07-22 13:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-08 23:29 - 2015-07-22 13:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-08 23:29 - 2015-07-22 13:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-08 23:29 - 2015-07-22 13:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-08 23:29 - 2015-07-22 13:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-08 23:29 - 2015-07-22 13:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-08 23:29 - 2015-07-22 13:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-08 23:29 - 2015-07-22 13:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-08 23:29 - 2015-07-22 13:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-08 23:29 - 2015-07-22 13:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-08 23:29 - 2015-07-22 13:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-08 23:29 - 2015-07-22 13:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-08 23:29 - 2015-07-22 13:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-08 23:29 - 2015-07-22 13:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 12:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-08 23:29 - 2015-07-22 12:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-08 23:29 - 2015-07-22 12:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-08 23:29 - 2015-07-22 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-08 23:29 - 2015-07-22 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-08 23:28 - 2015-07-22 19:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-08 23:28 - 2015-07-22 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-08 23:28 - 2015-07-22 19:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-08 23:28 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-08 23:28 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-08 23:28 - 2015-07-22 19:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-08 23:28 - 2015-07-22 13:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-08 23:28 - 2015-07-22 13:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-08 23:28 - 2015-07-22 13:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-08 23:28 - 2015-07-22 13:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-08 23:28 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-08 23:28 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-08 23:28 - 2015-07-22 12:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-08 23:28 - 2015-07-22 12:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-08 23:28 - 2015-07-22 12:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-08 23:22 - 2015-09-01 23:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-08 23:22 - 2015-09-01 23:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-08 23:22 - 2015-09-01 23:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-08 23:22 - 2015-09-01 23:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-08 23:22 - 2015-09-01 22:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-08 23:22 - 2015-09-01 22:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-08 23:22 - 2015-09-01 22:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-08 23:22 - 2015-09-01 22:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-08 23:22 - 2015-09-01 21:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-08 23:22 - 2015-09-01 21:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-08 23:22 - 2015-09-01 21:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-08 23:22 - 2015-08-27 14:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-08 23:22 - 2015-08-27 14:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-08 23:22 - 2015-08-27 14:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-08 23:22 - 2015-08-27 14:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-08 23:22 - 2015-08-27 13:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-08 23:22 - 2015-08-27 13:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-08 23:22 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-08 23:22 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-08 23:22 - 2015-08-26 14:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-08 23:22 - 2015-08-26 14:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-08 23:22 - 2015-08-26 14:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-08 23:22 - 2015-08-26 14:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-08 23:22 - 2015-08-26 14:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-08 23:22 - 2015-08-26 14:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-08 23:22 - 2015-08-26 14:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-08 23:22 - 2015-08-26 14:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-08 23:22 - 2015-08-26 14:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-08 23:22 - 2015-08-26 14:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-08 23:22 - 2015-08-26 14:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-08 23:22 - 2015-08-26 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-08 23:22 - 2015-08-26 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-08 23:22 - 2015-08-26 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-08 23:22 - 2015-08-26 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-08 23:22 - 2015-08-26 13:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-08 17:58 - 2015-09-08 17:59 - 00000000 ____D C:\Users\OWNER\AppData\Local\{BC62825B-B551-435B-A5D7-553BE4F5C974}
2015-09-07 12:25 - 2015-09-30 00:42 - 00000000 ____D C:\Users\Jimmy Makers\Desktop\PSYC85
2015-09-06 21:52 - 2015-09-06 21:53 - 00000000 ____D C:\Users\OWNER\AppData\Local\{CB20974F-1D16-48E5-838E-92C70E1B24C3}
2015-09-06 08:37 - 2015-09-06 08:38 - 00000000 ____D C:\Users\OWNER\AppData\Local\{2EDAE837-6B37-429A-AA8F-1F31FA97A684}
2015-09-06 08:29 - 2015-09-06 08:29 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Sun
2015-09-06 08:29 - 2015-09-06 08:29 - 00000000 ____D C:\Users\OWNER\.oracle_jre_usage
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-06 00:42 - 2015-04-10 14:33 - 02516531 _____ C:\Windows\setupact.log
2015-10-06 00:34 - 2009-07-07 03:51 - 01664724 _____ C:\Windows\WindowsUpdate.log
2015-10-06 00:33 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-06 00:33 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-06 00:27 - 2014-10-16 16:11 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-06 00:24 - 2012-03-30 20:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-06 00:24 - 2011-01-04 23:20 - 00000000 ____D C:\ProgramData\MFAData
2015-10-06 00:20 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-05 19:08 - 2014-10-16 16:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-05 18:58 - 2011-01-03 16:24 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CF3E1243-A0F3-4A20-BCC5-59BE0CA6C1F6}
2015-10-05 18:55 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-05 13:57 - 2010-12-27 20:55 - 00000000 ____D C:\Users\Jimmy Makers
2015-10-05 13:46 - 2012-03-30 20:14 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3348164379-2074273684-1757593965-1003UA.job
2015-10-05 13:24 - 2011-01-02 23:01 - 00000099 _____ C:\Users\Public\LMDebug.log
2015-10-05 11:20 - 2012-11-16 03:01 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1D5CB1A2-BB46-4CF8-95D7-EFF70B1EC41B}
2015-10-04 08:51 - 2015-04-10 20:35 - 00048938 _____ C:\Windows\PFRO.log
2015-10-03 23:46 - 2012-03-30 20:14 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3348164379-2074273684-1757593965-1003Core.job
2015-10-01 01:49 - 2013-04-10 13:49 - 00147842 _____ C:\Users\Jimmy Makers\Downloads\OTL.Txt
2015-10-01 01:21 - 2012-12-19 23:04 - 00000000 ____D C:\Users\Jimmy Makers\AppData\Roaming\LolClient
2015-09-30 01:57 - 2012-11-22 16:29 - 00000000 ____D C:\Users\Jimmy Makers\Documents\Nexus Mod Manager
2015-09-30 00:55 - 2011-11-18 19:13 - 00000000 ____D C:\Users\Jimmy Makers\AppData\Local\Skyrim
2015-09-29 02:58 - 2013-07-12 22:29 - 00001062 _____ C:\Users\Jimmy Makers\Desktop\TODO.txt
2015-09-27 13:28 - 2014-12-02 19:39 - 00000894 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2015-09-27 13:28 - 2014-12-02 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2015-09-27 13:27 - 2012-11-22 16:28 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2015-09-27 13:10 - 2014-10-16 16:14 - 00002147 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-24 10:28 - 2007-07-11 21:49 - 00000000 ____D C:\Windows\Panther
2015-09-23 18:20 - 2010-12-30 16:05 - 00000000 ____D C:\Users\Jimmy Makers\AppData\Roaming\Skype
2015-09-23 14:20 - 2012-01-05 18:09 - 00000000 ____D C:\Users\Jimmy Makers\AppData\Local\Akamai
2015-09-22 13:23 - 2011-01-05 17:58 - 00000000 ____D C:\Users\Jimmy Makers\AppData\Local\Microsoft Help
2015-09-21 15:24 - 2012-03-30 20:08 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-21 15:24 - 2012-03-30 20:08 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-21 15:24 - 2011-05-26 15:53 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-21 14:42 - 2013-08-20 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-09-21 13:44 - 2015-08-09 18:44 - 00002300 _____ C:\Windows\DtcInstall.log
2015-09-21 13:40 - 2015-08-09 18:44 - 00003127 _____ C:\Windows\comsetup.log
2015-09-21 13:39 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-09-21 13:34 - 2015-08-09 18:40 - 00005655 _____ C:\Windows\diagerr.xml
2015-09-21 13:34 - 2015-08-09 18:40 - 00003813 _____ C:\Windows\diagwrn.xml
2015-09-21 13:34 - 2015-04-10 14:33 - 00000987 _____ C:\Windows\setuperr.log
2015-09-19 18:18 - 2011-08-21 13:33 - 00000000 ____D C:\Users\OWNER\Documents\mak
2015-09-19 18:10 - 2013-11-03 08:46 - 00000000 ____D C:\Users\OWNER\AppData\Local\Google
2015-09-18 14:31 - 2014-11-10 12:53 - 00000000 ____D C:\Users\Jimmy Makers\Desktop\GO TO BED
2015-09-18 14:31 - 2012-11-24 14:42 - 00000000 ____D C:\Users\Jimmy Makers\Desktop\Jess
2015-09-16 23:41 - 2012-03-30 20:14 - 00003920 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3348164379-2074273684-1757593965-1003UA
2015-09-16 23:41 - 2012-03-30 20:14 - 00003524 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3348164379-2074273684-1757593965-1003Core
2015-09-16 23:05 - 2014-10-20 11:56 - 00000929 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-09-16 23:05 - 2014-03-31 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-09-16 15:39 - 2015-06-06 09:58 - 00139896 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2015-09-16 15:39 - 2012-07-14 08:17 - 00394584 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2015-09-15 14:03 - 2014-10-16 16:11 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 14:03 - 2014-10-16 16:11 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-14 19:48 - 2012-03-30 20:14 - 00000000 ____D C:\Users\Jimmy Makers\AppData\Local\Google
2015-09-12 13:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-09-09 12:28 - 2009-07-14 00:45 - 00411456 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 12:25 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 12:25 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-09 03:03 - 2011-01-05 17:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 03:02 - 2013-08-14 03:02 - 00000000 ____D C:\Windows\system32\MRT
2015-09-07 14:10 - 2014-09-08 01:44 - 00021205 _____ C:\Users\Jimmy Makers\Desktop\Work 2.xlsx
2015-09-06 08:29 - 2010-12-27 20:08 - 00000000 ____D C:\Users\OWNER
 
==================== Files in the root of some directories =======
 
2013-09-11 18:40 - 2013-09-11 19:06 - 0000253 _____ () C:\Users\Jimmy Makers\AppData\Roaming\ANICONFIG_{0003A472-564C-48BC-9B02-7EA1B5D440F8}.ini
2013-11-19 00:56 - 2013-11-19 01:00 - 0000258 _____ () C:\Users\Jimmy Makers\AppData\Roaming\ANICONFIG_{0413CD04-824E-4C5A-B7BF-80E234A5FBBA}.ini
2013-09-11 23:08 - 2013-09-11 23:12 - 0000258 _____ () C:\Users\Jimmy Makers\AppData\Roaming\ANICONFIG_{524A0150-EAEC-415A-90A0-3CB23A2E1530}.ini
2011-08-14 23:32 - 2013-08-25 16:01 - 0045270 _____ () C:\Users\Jimmy Makers\AppData\Roaming\room_v3.dat
2014-10-09 00:51 - 2014-10-09 00:51 - 0000103 _____ () C:\Users\Jimmy Makers\AppData\Roaming\settings.xml
2013-04-03 14:08 - 2013-04-03 14:08 - 0013491 _____ () C:\Users\Jimmy Makers\AppData\Roaming\UserTile.png
2012-10-27 00:56 - 2012-11-02 15:31 - 0007168 _____ () C:\Users\Jimmy Makers\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-01-05 02:39 - 2011-01-05 02:39 - 1671244 _____ () C:\Users\Jimmy Makers\AppData\Local\Q$_140066.ENU_SoftGridUserSettings_settings.cp.temp
2009-07-07 04:00 - 2009-07-07 04:04 - 0015545 _____ () C:\ProgramData\ArcadeDeluxe4.log
2012-11-15 00:05 - 2012-11-15 00:06 - 0000090 _____ () C:\ProgramData\PS.log
2012-03-07 22:39 - 2012-03-07 22:39 - 0000000 _____ () C:\ProgramData\SEC12E5.tmp
2012-03-08 00:18 - 2012-03-08 00:18 - 0000000 _____ () C:\ProgramData\SEC1C99.tmp
2012-03-07 22:42 - 2012-03-07 22:42 - 0000000 _____ () C:\ProgramData\SEC5A50.tmp
2012-03-07 22:53 - 2012-03-07 22:53 - 0000000 _____ () C:\ProgramData\SEC60B5.tmp
2012-03-07 23:48 - 2012-03-07 23:48 - 0000000 _____ () C:\ProgramData\SEC7BD4.tmp
2012-03-07 23:43 - 2012-03-07 23:43 - 0000000 _____ () C:\ProgramData\SECBC6C.tmp
2012-03-07 21:20 - 2012-03-07 21:20 - 0000000 _____ () C:\ProgramData\SECE31D.tmp
2012-03-07 23:40 - 2012-03-07 23:40 - 0000000 _____ () C:\ProgramData\SECEEE.tmp
 
Files to move or delete:
====================
C:\Users\Jimmy Makers\createfileassoc.exe
C:\Users\Jimmy Makers\error_report.exe
C:\Users\Jimmy Makers\libeay32.dll
C:\Users\Jimmy Makers\msvcp110.dll
C:\Users\Jimmy Makers\msvcr110.dll
C:\Users\Jimmy Makers\OverwolfTeamSpeakInstaller.exe
C:\Users\Jimmy Makers\package_inst.exe
C:\Users\Jimmy Makers\Qt5Core.dll
C:\Users\Jimmy Makers\Qt5Gui.dll
C:\Users\Jimmy Makers\Qt5Network.dll
C:\Users\Jimmy Makers\Qt5Sql.dll
C:\Users\Jimmy Makers\Qt5Widgets.dll
C:\Users\Jimmy Makers\quazip.dll
C:\Users\Jimmy Makers\ssleay32.dll
C:\Users\Jimmy Makers\ts3client_win32.exe
C:\Users\Jimmy Makers\Uninstall.exe
 
 
Some files in TEMP:
====================
C:\Users\Jimmy Makers\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Jimmy Makers\AppData\Local\Temp\drm_dyndata_7380007.dll
C:\Users\Jimmy Makers\AppData\Local\Temp\GURC5AE.exe
C:\Users\Jimmy Makers\AppData\Local\Temp\GURCC43.exe
C:\Users\Jimmy Makers\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Jimmy Makers\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Jimmy Makers\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Jimmy Makers\AppData\Local\Temp\Nexus Mod Manager-0.53.2.exe
C:\Users\Jimmy Makers\AppData\Local\Temp\Nexus Mod Manager-0.60.8.exe
C:\Users\Jimmy Makers\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jimmy Makers\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-01 10:55
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Jimmy Makers (2015-10-06 00:43:18)
Running from C:\Users\Jimmy Makers\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2010-12-28 00:08:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3348164379-2074273684-1757593965-500 - Administrator - Disabled)
Guest (S-1-5-21-3348164379-2074273684-1757593965-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3348164379-2074273684-1757593965-1002 - Limited - Enabled)
Jimmy Makers (S-1-5-21-3348164379-2074273684-1757593965-1003 - Administrator - Enabled) => C:\Users\Jimmy Makers
OWNER (S-1-5-21-3348164379-2074273684-1757593965-1000 - Administrator - Enabled) => C:\Users\OWNER
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0825.2010 - Acer Incorporated)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{1CAFFEC6-23B4-484B-B17B-3200BE5C5636}) (Version: 99.9 - Eyeo GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Akamai NetSession Interface (HKLM-x32\...\Akamai) (Version:  - )
Akamai NetSession Interface (HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alan Wake version 1.0 (HKLM-x32\...\{8B7IL77L-87234A-AWAKE-18CD6E6334R1}_is1) (Version: 1.0 - Black Box)
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Anker Precision Laser Gaming Mouse version 1.3 (HKLM-x32\...\{F9A7ED2C-34E1-4A96-9A25-B022C23C3361}_is1) (Version: 1.3 - ANKER Technology)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Profiles (HKLM-x32\...\{EBBE64F6-7E23-5857-891F-045560AECC7F}) (Version: 2.0.4674.34053 - Advanced Micro Devices, Inc.)
ATI AVIVO64 Codecs (Version: 10.12.0.00225 - ATI Technologies Inc.) Hidden
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6140 - AVG Technologies)
AVG 2015 (Version: 15.0.4435 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6140 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.638 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.8.4.282 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Belkin F7D1101 Basic Wireless USB Adapter (HKLM-x32\...\InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}) (Version: 1.0.0.4 - Belkin)
Belkin F7D1101 Basic Wireless USB Adapter (x32 Version: 1.0.0.4 - Belkin) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Canon Camera Access Library (HKLM-x32\...\CAL) (Version: 8.1.1.17 - )
Canon Camera Support Core Library (HKLM-x32\...\CSCLIB) (Version: 7.3.1.6 - )
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.2.0.8 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowMC) (Version: 6.1.0.7 - )
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.0.1.3 - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.2.0.13 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 2.3.0.11 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.5.0.5 - )
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 1.0.3.17 - )
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.17.41 - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 5.6.0.27 - )
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )
Cole2k Media - Codec Pack (Advanced) 8.0.2 (HKLM-x32\...\Cole2k Media - Codec Pack) (Version: 8.0.2 - Cole2k Media)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID HWMonitor 1.19 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls II version 1.06 (HKLM-x32\...\Dark Souls II_is1) (Version: 1.06 - GMT-MAX.ORG)
Dark Souls Prepare to Die Edition (HKLM-x32\...\GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}) (Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.)
Dark Souls Prepare to Die Edition (x32 Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.) Hidden
Dead Space™ (HKLM-x32\...\{4D87DC92-C328-46EC-A7B4-9C88129DC696}) (Version: 1.0.222.0 - Electronic Arts)
Dead Space™ 2 (HKLM-x32\...\{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}) (Version: 1.0.942.0 - Electronic Arts)
D-Link DWA-125 (HKLM-x32\...\{E45CACFE-0576-4375-A84F-C34B99A7B652}) (Version:  - D-Link)
D-Link DWA-160  (HKLM-x32\...\{294A97F8-CC15-41F7-8718-CEE6B0C7D7E0}) (Version:  - D-Link Corporation)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Fallout New Vegas  1.4 (HKLM-x32\...\Fallout New Vegas_is1) (Version: 1.4 - Bethesda Softworks)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
FreeMat (HKLM-x32\...\FreeMat 4.2) (Version: 4.2 - Humanity)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Gyazo 3.1.6 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (x32 Version: 1.3 - Riot Games) Hidden
LG USB Modem Drivers (HKLM-x32\...\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}) (Version: 4.9.4 - LG Electronics)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.227 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.227 - LogMeIn, Inc.) Hidden
Maintenance Samsung ML-191x 252x Series (HKLM-x32\...\Samsung ML-191x 252x Series) (Version:  - Samsung Electronics CO.,LTD)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MATLAB R2014a (HKLM\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.0 (HKLM\...\{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Nero 9 Essentials (HKLM-x32\...\{01edc90d-6ac3-41a4-8d69-03d4064058ba}) (Version:  - Nero AG)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.60.8 - Black Tree Gaming)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Physiology Test Generator (HKLM-x32\...\{8FE523C7-64AE-49B6-ABEA-A14A37817E0F}) (Version: 1.0.0 - University of Toronto)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Python 2.7.2 (HKLM-x32\...\{2E295B5B-1AD4-4D36-97C2-A316084722CF}) (Version: 2.7.2150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rapport (Version: 3.5.1205.18 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1507.77 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
Saints Row The Third version 1.0 (HKLM-x32\...\{4B7IL77L-LKS1-ROW3-SAINTS-18CD6E6334R1}_is1) (Version: 1.0 - THQ)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Sleeping Dogs version 1.4 (HKLM-x32\...\Sleeping Dogs_is1) (Version: 1.4 - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.19617 - TeamViewer)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Binding of Isaac Rebirth 1.0 (HKLM-x32\...\The Binding of Isaac Rebirth 1.0) (Version: 1.0 - Games on Cat-A-Cat.Net)
The Elder Scrolls V Skyrim (HKLM-x32\...\{4FEF52F2-3C2C-4B80-9443-3D6A654328D0}_is1) (Version:  - Bethesda Softworks)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.77 - Trusteer)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Ultra Street Fighter IV (HKLM-x32\...\VWx0cmFTdHJlZXRGaWdodGVySVY=_is1) (Version: 1 - )
Unity Web Player (HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Watermark Master (remove only) (HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\...\WatermarkMaster) (Version:  - )
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WTFast 3.5 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.5.5.428 - Initex & AAA Internet Publishing)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3348164379-2074273684-1757593965-1003_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Jimmy Makers\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3348164379-2074273684-1757593965-1003_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Jimmy Makers\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3348164379-2074273684-1757593965-1003_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Jimmy Makers\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3348164379-2074273684-1757593965-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jimmy Makers\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3348164379-2074273684-1757593965-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Jimmy Makers\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3348164379-2074273684-1757593965-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jimmy Makers\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
26-09-2015 16:05:02 JRT Pre-Junkware Removal
28-09-2015 17:28:47 JRT Pre-Junkware Removal
29-09-2015 23:34:11 JRT Pre-Junkware Removal
30-09-2015 02:10:42 JRT Pre-Junkware Removal
01-10-2015 00:50:10 JRT Pre-Junkware Removal
01-10-2015 11:57:54 JRT Pre-Junkware Removal
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2015-10-02 14:49 - 00000835 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07180F5C-0E3A-42A3-8A9D-2C8C40CA8E84} - \EPUpdater -> No File <==== ATTENTION
Task: {084E8CF8-C77F-495F-9711-42CFA76E5EDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {0AFC3D9A-4766-4D5C-BB9F-AD210C163233} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {0BD0AB3F-DC37-4DB8-906F-033BABAFFF39} - System32\Tasks\gg_uac_daemon_OWNER => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2013-07-10] ()
Task: {180A7701-32D6-435E-805A-60C291DB894A} - System32\Tasks\Google Update => C:\Users\Jimmy Makers\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {1B44F2CB-0078-4E42-8CD8-5F4A670716C5} - \Funmoods -> No File <==== ATTENTION
Task: {21149A66-1A3F-4499-A3D2-5ED2506A6E3D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3348164379-2074273684-1757593965-1003UA => C:\Users\Jimmy Makers\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {30E89839-9343-4158-8067-17E2DD1482E2} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {5C299CF4-B8A0-48BA-9A13-C36487E6DD69} - System32\Tasks\KMS => C:\Windows\Setup\Office.bat [2010-05-20] ()
Task: {6116F597-8D23-4F51-BB7E-B83AAA371928} - System32\Tasks\{58544F88-4D29-49AC-9EAC-16ABAE938435} => C:\Games\Diablo 2 with Lord of Destruction (v1.13c) (Direct Play)\Diablo II Lord of Destruction (v1.13c)\Diablo II\Diablo II.exe
Task: {6206C729-A2C3-408F-9517-E552B0A12E0F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {661FFF16-13A7-4677-9DDE-7C97711DDF35} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {69C847E1-8D35-4459-87DC-73D5EA732380} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {6A216C75-D93D-4CE7-ABF1-5E2E0B2C4D9A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7494F1F8-6620-4CA1-AE88-0D0F8408B81D} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-08-04] (AVG Technologies)
Task: {74D337B1-3C63-43AC-9FC9-9CA8D916511C} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-08-04] (Oracle Corporation)
Task: {7E2F93AC-F4D8-48C2-A686-B347285DB4DE} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {848E79DB-432A-4DDF-86AE-A19E9B735133} - \BuzzSocialPoints_DNS_Checker -> No File <==== ATTENTION
Task: {98E295A5-E44D-4F34-9DED-2AC88BCED8FF} - System32\Tasks\{AE928C8F-132E-4A2B-A60B-6F20745F9679} => pcalua.exe -a "C:\Games\Left 4 Dead 2\Makedesktopicons.exe" -d "C:\Games\Left 4 Dead 2"
Task: {C0F0FCA4-C476-4BBD-B4E1-1A2776B89023} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2010-07-21] (Microsoft Corporation)
Task: {C22D7824-59CF-4C75-9710-8B1527DE1A64} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {E741609A-9626-4140-B221-07143820F2AD} - System32\Tasks\{A3165B4F-EF91-4EA8-909A-CB5380899FC1} => pcalua.exe -a "C:\Program Files (x86)\Super Meat Boy\unl-smbr.exe" -d "C:\Program Files (x86)\Super Meat Boy"
Task: {EB569C15-E540-47D0-9F30-9FA735062112} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3348164379-2074273684-1757593965-1003Core => C:\Users\Jimmy Makers\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {EDE5CA8C-D893-4B67-8928-7D4C038FDFBF} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3348164379-2074273684-1757593965-1003Core.job => C:\Users\Jimmy Makers\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3348164379-2074273684-1757593965-1003UA.job => C:\Users\Jimmy Makers\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-06-22 08:42 - 2011-06-22 08:42 - 00034304 _____ () C:\Windows\System32\ssp4ml6.dll
2012-12-19 16:32 - 2012-12-19 16:32 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-09-12 22:26 - 2010-07-12 14:39 - 00053248 _____ () C:\Program Files (x86)\D-Link\DWA-160\ANIWConnService.exe
2012-03-29 13:15 - 2013-08-22 00:21 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-03-29 13:15 - 2014-08-01 17:06 - 00107832 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-08-04 08:26 - 2015-08-04 08:26 - 00718040 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2009-04-19 11:34 - 2009-04-19 11:34 - 00625184 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-04-19 11:34 - 2009-04-19 11:34 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-04-19 11:34 - 2009-04-19 11:34 - 00578080 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2009-04-19 11:34 - 2009-04-19 11:34 - 00207904 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2015-08-04 08:26 - 2015-08-04 08:26 - 00861912 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-08-04 08:40 - 2010-08-04 08:40 - 00611872 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2010-12-30 21:32 - 2009-08-14 04:10 - 00614400 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2015-08-20 15:32 - 2014-01-10 12:08 - 03353600 _____ () C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe
2010-12-30 21:32 - 2009-03-05 08:05 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2012-12-19 16:32 - 2012-12-19 16:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-04-27 23:33 - 2013-04-02 17:54 - 01294336 _____ () C:\Users\Jimmy Makers\Desktop\Gam\League of Legends  1100\RADS\system\rads_user_kernel.exe
2015-10-01 00:54 - 2015-10-01 00:54 - 02220536 _____ () C:\Users\Jimmy Makers\Desktop\Gam\League of Legends  1100\RADS\projects\lol_launcher\releases\0.0.1.0\deploy\LoLLauncher.exe
2015-10-01 00:54 - 2015-10-01 00:54 - 04043768 _____ () C:\Users\Jimmy Makers\Desktop\Gam\League of Legends  1100\RADS\projects\lol_patcher\releases\0.0.0.40\deploy\LoLPatcher.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-12-30 21:33 - 2011-06-22 08:42 - 00826880 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\ssp4mdu.dll
2015-07-30 01:32 - 2015-07-30 01:32 - 00074752 _____ () C:\Users\Jimmy Makers\Desktop\Gam\League of Legends  1100\RADS\projects\lol_air_client\releases\0.0.1.161\deploy\LolClient.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-21 17:02 - 2015-07-21 17:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2010-08-04 05:47 - 2010-08-04 05:47 - 00144896 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2015-08-20 15:32 - 2011-01-27 00:53 - 00028160 _____ () C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\uiHook.dll
2013-09-12 22:27 - 2013-09-12 22:27 - 00315392 _____ () C:\Program Files (x86)\D-Link\DWA-160\ANPDApi.dll
2013-09-12 22:26 - 2011-09-14 13:56 - 00294912 _____ () C:\Program Files (x86)\D-Link\DWA-160\WlanApp.dll
2015-09-27 13:10 - 2015-09-23 22:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-27 13:10 - 2015-09-23 22:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2015-10-01 00:54 - 2015-10-01 00:54 - 01602552 _____ () C:\Users\Jimmy Makers\Desktop\Gam\League of Legends  1100\RADS\projects\lol_patcher\releases\0.0.0.40\deploy\RiotLauncher.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-10-01 00:58 - 2015-10-01 00:59 - 04885152 _____ () C:\Users\Jimmy Makers\Desktop\Gam\League of Legends  1100\RADS\projects\lol_air_client\releases\0.0.1.161\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2015-10-01 00:59 - 2015-10-01 00:59 - 17414304 _____ () C:\Users\Jimmy Makers\Desktop\Gam\League of Legends  1100\RADS\projects\lol_air_client\releases\0.0.1.161\deploy\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:DA990ED8
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\15712937.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\15712937.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\Software\Classes\.exe:  =>  <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\...\samsungsetup.com -> hxxp://www.samsungsetup.com
IE trusted site: HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\...\sony.com -> sony.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Jimmy Makers\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: WinDefend => 2
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MDS_Menu => "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C1F64E63-EE8B-43D2-9DE6-C0273E6B09DE}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{16208EE2-981F-477E-9771-E2FFDA75FEAC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0DA09B24-6452-4D7E-930A-8872EFB796B7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0FF10B20-ECE2-46F0-A1E7-5E9884F9ADC7}] => (Allow) LPort=2869
FirewallRules: [{C4F7FF4F-138F-4ED3-AA6D-CB4F3939D550}] => (Allow) LPort=1900
FirewallRules: [{23127DB2-82BC-4C01-8F2C-F00CC207CAC2}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{440D21E8-18F3-41DA-8380-FDC40BE96A7A}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{D9C82B14-4055-44C6-A194-4366BEC3E39F}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{AD64590C-6709-404D-B65B-1BE5B763399D}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{8534DAF0-C2F6-4E6C-8BEF-C9EF68CF5570}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{7D027F3E-F3A5-4F99-8C13-991D38A93B40}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{9C9AB3CB-0D07-45B1-A9E3-42FC73F938E1}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{B833DD32-180A-4498-9913-A63F0FE2734F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{83BF69A8-DB5F-4D5D-AB61-A14BA1EF1D54}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BE4DF8A9-A1B9-48B7-9146-725FF406706F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5337B14F-A01C-4D43-BE35-84CEDA809CB8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CD3BF458-9337-4303-B3EF-889D4E12253D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{E326B46D-DEE9-4E80-A4DA-6590383E3710}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{E39333BC-AE77-4E2B-8614-957AE2E20BC7}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{E7E5139E-1319-494A-92BA-50A0BA8BA60A}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{6C4ABA8F-C33A-473E-BC1E-6D5922AD2841}] => (Allow) C:\Users\Jimmy Makers\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{5FD8BE15-7214-4F65-950B-2FFCCA86FFD3}] => (Allow) C:\Users\Jimmy Makers\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{74C439C6-47BC-432A-B3A0-E1DC8FF73593}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{AF401DE6-0F3D-4D31-93FE-AE9CBF47AB44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{B72D1673-730D-4B49-9C74-E94273E1DB48}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{60F3E1B0-30AE-427C-9C91-3D04053F375D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CA09B049-8653-4CC8-BFCD-97C995F281B8}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{69AF6B63-4B9D-49A7-852D-CCF09C6DDEBD}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{461097B9-50A1-4BEB-AE6C-A9E09688509E}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{7B7596FC-B613-4D44-A9E7-8CB9A6D33196}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{57613B78-E1E5-418B-BD3A-248D5A65BF49}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{B9ED115F-3621-401C-B6B6-431B6E604935}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{FBAB1A45-132D-47E4-B5F4-96A8FE7514B2}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{1889B417-87C7-48B9-8721-4FE21C349C5C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{ADFF61C3-18B8-4721-BAF2-4DDB7027831D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{147A922B-0D21-41DA-8259-3E2B77288595}] => (Allow) C:\Users\Jimmy Makers\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{377B9DEA-7B7E-46C2-BDB2-E58369E5FEE3}] => (Allow) C:\Users\Jimmy Makers\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{B7A958A4-3FC5-4EC1-8C74-8B1C88E925B1}] => (Allow) LPort=8381
FirewallRules: [{0B2275F4-9C4F-472C-ADDF-37C2DB13ABDC}] => (Allow) LPort=8381
FirewallRules: [{3D4BFCBF-1C82-4B62-B8E4-80D55B6CD396}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{628E434C-0DC0-4BA7-AC9A-BADCBEB19989}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{12C52CA8-88FB-4873-A092-8FB4A688F37A}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{43CB704C-2E25-472E-900B-A3C8F2980092}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{55434A26-25ED-4704-84B9-DBD251DAEFC3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5BC5D855-83BC-4BDE-9B8F-DB77F28F8178}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CA3B6B79-1925-4346-8F7E-645C8C92C8EB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{73434274-903B-47E3-863D-C61217FE61E3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E5282CA6-5DE8-4C71-8065-CF93C201109E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{3BC97E67-AA8F-4EC6-AF73-D8D9E4F89E8B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{95BE5F93-8E62-44CE-8568-50F14A87897C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{7DDE2215-992B-4BA9-9153-1F7F7AACAE2C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{F373C369-A0CF-4599-BAD9-EE864BD20D2E}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{3FD79675-A022-439F-B96B-03620799243E}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{51FF123A-2887-4AE2-A473-711264CA3FFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{99E57F6F-F10F-4B5C-81AA-660F32E1C8DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{ABC563FC-A85A-43E6-BD3F-FB619B9085B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D6B5B223-35AC-48F5-BB97-EF03E7CAD384}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{FCE1551C-BBD0-44E8-82F0-37B94A4F68B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{63759A32-8C13-411A-8F45-41826B9E1B81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5A19FCB6-A057-4822-A0C2-95AD50AAF506}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{3C8D4528-2527-4CD9-BA46-B13A92C5D326}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{65E17F24-4661-4A4C-9948-C3D372C5EA81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{EC5B6372-3172-4ACD-97C4-DFDE91B9D888}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{1A293C6C-5281-4A41-9F4E-2BBA3273BE8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{34C2FE02-AEA7-445C-9A6D-CBC94037FE99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{12CD8919-8332-4D62-ADA4-647858DF947F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{23D3DDA7-325A-4E0C-B1AC-326A647C7C9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{B2624C4D-329A-4C51-A0EB-62576075ACFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{47F797F5-93DF-4331-9902-4D45007375E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{436C95D0-FAA4-4A0C-BC22-157EB20E8B15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{1EC26DA5-A1E3-4462-9BCC-D1174E7B21F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{A173667C-8A3C-43A8-8EA9-91F69E45F678}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{E73C0F31-6C05-40C7-B008-73F1BBACB9D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{F4C7F5E7-4C16-49E7-8EA4-5CC911695E3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{18E4E33C-E829-4C6D-BEB9-A287EABC71A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{AC4A5483-C7B5-404B-BCC7-6C22597FC6C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{69081AFD-9410-46ED-BFE3-24BC00FA9537}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{6353D3E8-99DB-40D8-AB91-BC6EB7D19F8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{3D862689-B307-4823-8417-4B8EC883A0B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{05F93D5F-0916-4446-89AF-DEEE61CC5C11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{A6960069-FA98-4A55-AFF8-2A90C6A8C311}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{1D55A603-F156-4CE6-80C2-B78DED9F9EC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0173D3F8-A323-4C09-B1F9-E78A20F130A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{F33F37A6-A332-4249-A32E-250C3936FBE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{1B4C3EAD-9A84-411D-937D-D212DA0126AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{28881C3D-8439-4981-8F2A-B60AFC58CCAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5A2FAF2E-9DB7-49FA-8BD6-AD30F133608E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{CA689E37-7B18-40BB-A63F-AACFAC0071D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0BF75600-6291-4267-8697-F3BE5BF08BFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5304E067-65B7-4717-BC84-5DA5FB460A9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{A844AADE-8E2E-4447-A13E-93BE1DF9E7B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{4A516033-E199-4194-996A-4A919CE1D28C}C:\users\jimmy makers\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jimmy makers\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{4B9CB8D9-5B9F-4650-8935-FD8258EC059A}C:\users\jimmy makers\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jimmy makers\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{4106EC53-332C-423D-9257-2B4E560C0CFA}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{332368B6-869E-420B-9A81-413DC75C6E69}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{A274CA91-0F1F-4D0E-9DBB-7DE8FFE5F881}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{695585C3-0261-4657-AD50-C8E3F21680D0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{972318D2-DE7B-4FD1-A6AD-717E101424D7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2426\Agent.exe
FirewallRules: [{4A3498DE-BD2A-4637-A855-6302ACC2C7DA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2426\Agent.exe
FirewallRules: [TCP Query User{641A8E53-6DC3-4539-B35E-DB8A05C2BE93}C:\games\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{7738D602-4FDB-480C-9431-0CA25085FE09}C:\games\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [{985A351C-ACE6-4229-A9D7-A82A4EBB76FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{8DCEF95E-BB6C-4750-8575-469970BE8525}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{A1CBA0B3-1ABD-46CE-9510-30EC47D3EB6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{F174D179-CCA3-4BFC-8577-33E6828734C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{856237F6-B380-4172-AAED-4EB45755D5A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Surgeon Simulator 2013\ss2013.exe
FirewallRules: [{3CEF7E0A-5941-4742-9D34-B96686E5C0B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Surgeon Simulator 2013\ss2013.exe
FirewallRules: [{4D9D24EB-C360-4096-A707-11E9876D03CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{BEB050C4-BD89-4F09-8AFF-64744C1767D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{757C62F1-B1B7-4A32-AC73-ACF68CD17A92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BFA41BFE-C17C-476F-B032-AFD30C28E6AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BA71D65E-E2F7-46C8-8FD6-649BF7612A77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{9A27B311-F6C3-4090-867B-170597F39F80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{93B4DCDF-C2B2-40BB-9078-31A115FD198E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{055781AF-CB35-46C8-9C32-537B89B85508}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{88040C8E-79A6-4DE5-B157-BAB679FB44DA}C:\users\jimmy makers\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jimmy makers\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{A47F763B-C7E3-4F6B-816D-807DB28FFA10}C:\users\jimmy makers\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jimmy makers\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{206C8846-0684-4727-B232-72A83CC0298F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{95B2BD9A-A2C9-4FF7-AF55-B5E216E7048D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6702077C-FA67-48C9-9028-2712D80DB7D0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{50912C0A-EB3F-4DCB-9D7C-27BAD0FE4F5A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CE9B9AE0-12A2-4132-A37B-AF19E5207B4D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{214FDA28-EC89-4044-B3D1-AB019D3E9E54}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{5022F21F-BCB2-4562-8CE3-65A914CF25B4}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{98000935-4F8E-49EE-87C2-01F5E1F16CA6}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{EE3D3B0C-899A-48E3-A2D1-AFADC768C8B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EE5F6CB4-EEDD-4562-82BE-F150F51BEFDF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3FC2DBBA-7EAE-4182-B7A0-8E1D06AF9573}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A5FEE19F-E765-4C8F-9248-81A65366A964}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{168D9AD4-0DD5-4016-86A2-42C4A1162C85}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{5402602B-4738-43CE-B276-420F3E2DA446}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{1C30792F-D232-437E-8AF3-4466BBC5E95A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{4BCE2132-4553-4772-8DAC-4288833CA358}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{CF98AD19-F014-4D18-994F-1503D8B859A2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [TCP Query User{DEF53FE1-E965-47A1-9874-0213FC04DDD9}C:\games\starcraft no install\starcraft no install\starcraft.exe] => (Allow) C:\games\starcraft no install\starcraft no install\starcraft.exe
FirewallRules: [UDP Query User{06990936-E2C5-4798-8AB0-1F7AF20B3997}C:\games\starcraft no install\starcraft no install\starcraft.exe] => (Allow) C:\games\starcraft no install\starcraft no install\starcraft.exe
FirewallRules: [TCP Query User{7F3087CF-5BB4-4C53-B59A-DD38AA7E57E2}C:\program files (x86)\black_box\saints row the third\saintsrowthethird_dx11.exe] => (Allow) C:\program files (x86)\black_box\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{FC8CD221-22F2-432F-A61D-75BC5EF80481}C:\program files (x86)\black_box\saints row the third\saintsrowthethird_dx11.exe] => (Allow) C:\program files (x86)\black_box\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{258A70E6-AC39-4E43-B51F-9AFE4956D61B}C:\program files (x86)\black_box\saints row the third\saintsrowthethird_dx11.exe] => (Allow) C:\program files (x86)\black_box\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{0D33E044-5BC1-4BF7-8ABF-ECE2ED700F4E}C:\program files (x86)\black_box\saints row the third\saintsrowthethird_dx11.exe] => (Allow) C:\program files (x86)\black_box\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [{CADC2084-8279-4EB2-81B4-628BFD7D20A4}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{5CCAFC8F-3727-4AB1-914B-F1AF39B1C4D8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{B71AD204-AA7B-421C-AE4C-A16C6DA5DCA1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{26E78A6D-641F-46ED-8286-7C1B2FB51CCB}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{1FC327EC-D5DB-4E91-8E8F-B80E521A64D5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{E9E5BCF3-828D-47D0-80B9-61FF1609F043}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [TCP Query User{D5FCC145-9E62-4056-99D7-8F81B1B1FE9B}C:\program files (x86)\electronic arts\dead space\dead space.exe] => (Allow) C:\program files (x86)\electronic arts\dead space\dead space.exe
FirewallRules: [UDP Query User{0A222B81-13E9-4BF7-8215-538D87561D56}C:\program files (x86)\electronic arts\dead space\dead space.exe] => (Allow) C:\program files (x86)\electronic arts\dead space\dead space.exe
FirewallRules: [{35A74C79-394B-4A45-B980-034FA858BF34}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/05/2015 02:20:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 45.0.2454.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1d08
 
Start Time: 01d0ff99e7699d50
 
Termination Time: 4
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: bba631a1-6b8d-11e5-97bf-c3032f201caf
 
Error: (10/05/2015 02:16:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 45.0.2454.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1228
 
Start Time: 01d0ff98a9243290
 
Termination Time: 4
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 238389e1-6b8d-11e5-97bf-c3032f201caf
 
Error: (10/05/2015 01:25:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ssp4msm.exe, version: 1.1.0.12, time stamp: 0x4e11d0ae
Faulting module name: ssp4msm.exe, version: 1.1.0.12, time stamp: 0x4e11d0ae
Exception code: 0xc0000005
Fault offset: 0x00043bed
Faulting process id: 0x1d38
Faulting application start time: 0xssp4msm.exe0
Faulting application path: ssp4msm.exe1
Faulting module path: ssp4msm.exe2
Report Id: ssp4msm.exe3
 
Error: (10/04/2015 12:30:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 45.0.2454.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1848
 
Start Time: 01d0fec187ada600
 
Termination Time: 4
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 3402a6d1-6ab5-11e5-afde-fd60e300b0ac
 
Error: (10/04/2015 12:27:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 45.0.2454.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1c74
 
Start Time: 01d0fec01d239700
 
Termination Time: 3
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: c0b151e1-6ab4-11e5-afde-fd60e300b0ac
 
Error: (10/04/2015 12:17:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 45.0.2454.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11c0
 
Start Time: 01d0feba9c0761b0
 
Termination Time: 733
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 4c6a95e1-6ab3-11e5-afde-fd60e300b0ac
 
Error: (10/04/2015 02:12:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 45.0.2454.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1610
 
Start Time: 01d0fe6b09267740
 
Termination Time: 5
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: dafa48f1-6a5e-11e5-87de-d687ec82c1a2
 
Error: (10/04/2015 02:08:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 45.0.2454.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1318
 
Start Time: 01d0fe4e93f15010
 
Termination Time: 158
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 4270b971-6a5e-11e5-87de-d687ec82c1a2
 
Error: (10/03/2015 08:02:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3348164379-2074273684-1757593965-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {1964694f-8b6d-49f3-8acf-d4815e49afd0}
 
Error: (10/03/2015 06:41:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 45.0.2454.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 10bc
 
Start Time: 01d0fe2970dfcdb0
 
Termination Time: 3
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: e9a32dc1-6a1f-11e5-a326-97d248d661b3
 
 
System errors:
=============
Error: (10/06/2015 12:20:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSPORT service failed to start due to the following error: 
%%2
 
Error: (10/06/2015 12:20:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%2
 
Error: (10/05/2015 06:50:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSPORT service failed to start due to the following error: 
%%2
 
Error: (10/05/2015 06:50:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%2
 
Error: (10/05/2015 02:06:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSPORT service failed to start due to the following error: 
%%2
 
Error: (10/05/2015 02:06:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%2
 
Error: (10/05/2015 01:59:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (10/05/2015 01:59:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/05/2015 01:59:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/05/2015 01:59:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AVG PC TuneUp Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2015-09-26 12:32:13.089
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-26 12:32:12.893
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-26 12:32:12.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-23 19:39:27.228
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-23 19:39:27.013
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-23 19:39:26.605
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-19 12:21:27.141
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-19 12:21:26.956
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-19 12:21:26.782
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-18 14:22:36.311
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 810 Processor
Percentage of memory in use: 87%
Total physical RAM: 4095.23 MB
Available physical RAM: 512.29 MB
Total Virtual: 10235.44 MB
Available Virtual: 5721.43 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:915.79 GB) (Free:568.42 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 91F9994F)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=915.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:35 PM

Posted 06 October 2015 - 08:23 AM

Remove this program in bold using the Add/Remove Programs applet.
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)

===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

IFEO\airncfg.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ausetting.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\d-link wizard.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\greg.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\hamachi-2-ui.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ncc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\xboxstat.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
HKU\S-1-5-21-3348164379-2074273684-1757593965-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3348164379-2074273684-1757593965-1003 -> Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}
SearchScopes: HKU\S-1-5-21-3348164379-2074273684-1757593965-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=48&CUI=UN42194828952316214&UM=2&UP=SPA984A314-EE1F-4BBD-89B3-422104DA63C6&SSPV=
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Jimmy Makers\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 uqk; \??\C:\koramgame\STOnline\avital\wyqku64.sys [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
CustomCLSID: HKU\S-1-5-21-3348164379-2074273684-1757593965-1003_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Jimmy Makers\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3348164379-2074273684-1757593965-1003_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Jimmy Makers\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3348164379-2074273684-1757593965-1003_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Jimmy Makers\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3348164379-2074273684-1757593965-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jimmy Makers\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
Task: {07180F5C-0E3A-42A3-8A9D-2C8C40CA8E84} - \EPUpdater -> No File <==== ATTENTION
Task: {1B44F2CB-0078-4E42-8CD8-5F4A670716C5} - \Funmoods -> No File <==== ATTENTION
Task: {848E79DB-432A-4DDF-86AE-A19E9B735133} - \BuzzSocialPoints_DNS_Checker -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:DA990ED8

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png which is located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

How is the computer running now

#6 jimmysnack

jimmysnack
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 07 October 2015 - 08:51 PM

Great! its running fast and no crashes thanks nasdaq



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:35 PM

Posted 08 October 2015 - 08:17 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 jimmysnack

jimmysnack
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 08 October 2015 - 10:08 AM

I'm sorry but chrome still crashes, this time only after closing tabs. It runs a lot faster than before though.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:35 PM

Posted 08 October 2015 - 12:31 PM

Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into new browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

<<<>>>

Keep me posted

#10 jimmysnack

jimmysnack
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 13 October 2015 - 11:22 PM

I tried but the icons and crashing still happens sometimes, it runs alot faster tho



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:35 PM

Posted 14 October 2015 - 09:10 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zeok tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:35 PM

Posted 20 October 2015 - 08:01 AM

Are you still with me?

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:35 PM

Posted 26 October 2015 - 08:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users