
Svchost.exe high CPU and RAM usage



#1 Stormrage


Posted 10 January 2016 - 02:25 PM

Hi guys, the SVCHOST.exe on my system uses 25% of my CPU and over 2GB of RAM...


... In this topic you can see all of the things I did: http://www.bleepingcomputer.com/forums/t/601386/svchostexe-problem/

 

After manually applying some Windows updates, which I read through research on Google can help in my case (Windows6.1-KB3102810-x64, Windows6.1-KB3050265-x64), the svchost now uses ~700MB of RAM but again 25% CPU...


 

I have to use this batch script to stop the process every time I notice that it appears in the Task Manager:

net stop wuauserv
net stop bits
rd /s /q %windir%\softwaredistribution
net start bits
net start wuauserv
wuauclt.exe /detectnow

Windows Update on my system is always off... But now even if I try to turn it on, nothing happens; I see this:


Continuously loading and nothing more... My system restore points disappeared, so I can't use them...
Sometimes my system works very strangely... Internet sites load very slowly, but I can't notice any strange TCP/IP connections or problems with my ISP or router...

Sometimes the programs which I start begin to freeze and I can't close them even if I use the Task Manager...

 

I tried many scans with Rescue CDs from ESET, Avira, Kaspersky and nothing...

 

 

Hope you can help me... :(

 


 

This is the FRST Log

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015
Ran by Stormrage (administrator) on STORMRAGE-PC (10-01-2016 20:48:30)
Running from F:\Virusi
Loaded Profiles: Stormrage (Available Profiles: Stormrage & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\Advanced SystemCare 7\ASCService.exe
(Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
() C:\Program Files\Everything\Everything.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(IObit) D:\Windows 7 - 64 Programs\Program Files x86\Portable Apps\PortableApps\SmartDefragPortable\App\SmartDefrag\SmartDefrag.exe
(IObit) C:\Program Files (x86)\Advanced SystemCare 7\Monitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Everything\Everything.exe
(Sand Studio) C:\Program Files (x86)\AirDroid\AirDroid.exe
(Unified Intents AB) C:\Program Files (x86)\Unified Remote\RemoteServer.exe
(Spotify Ltd) C:\Users\Stormrage\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\Everything\Everything.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(XBMC-Foundation) C:\Program Files (x86)\Kodi\Kodi.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-06] ()
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe [7739904 2015-12-30] (Sand Studio)
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\Run: [Unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe [333008 2014-07-17] (Unified Intents AB)
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\Run: [Spotify Web Helper] => C:\Users\Stormrage\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-23] (Spotify Ltd)
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {048c1f3a-7a1f-11e4-9171-90e6babd593a} - V:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {11d9904f-ca87-11e4-8b0c-90e6babd593a} - V:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {17e7d6da-0f53-11e5-81f6-90e6babd593a} - V:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {1b333f21-4660-11e5-a03b-90e6babd593a} - W:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {259dbaa2-c266-11e4-b42d-90e6babd593a} - V:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {2744e13c-8c6f-11e5-8038-90e6babd593a} - W:\AutoRun.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {29b464ab-aa49-11e4-94a8-90e6babd593a} - V:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {40f9d4e5-47ed-11e5-aa50-90e6babd593a} - W:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {4358894c-530f-11e4-95ba-90e6babd593a} - V:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {56715856-667a-11e5-af5a-90e6babd593a} - W:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {5a322bb4-349c-11e5-be2f-90e6babd593a} - V:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {5fa9f7f1-343d-11e5-af2c-90e6babd593a} - V:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {634d0d69-476f-11e5-aba1-90e6babd593a} - W:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {700426bd-73d2-11e4-8293-90e6babd593a} - V:\setup_the_witcher_2_ee_3.0.1.17.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {7c513adf-e744-11e4-baf6-90e6babd593a} - V:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {86350a01-48b4-11e5-b404-90e6babd593a} - W:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {8783ebba-6bf3-11e4-9cd5-90e6babd593a} - V:\Setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {a1f8c0e1-86e9-11e5-a897-90e6babd593a} - W:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {b61c4d73-a0ef-11e5-a002-90e6babd593a} - W:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {baba9e30-4b07-11e4-be22-90e6babd593a} - V:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {c57ec020-9900-11e5-b2d2-90e6babd593a} - W:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {d5f450e7-4a10-11e4-af7a-90e6babd593a} - V:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {d8f684e5-4587-11e5-ac1a-90e6babd593a} - V:\Setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {d8f684ee-4587-11e5-ac1a-90e6babd593a} - W:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {db11ced8-31e1-11e5-97c2-90e6babd593a} - V:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {dcf37eba-e34f-11e4-ab74-90e6babd593a} - V:\setup.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\MountPoints2: {fd4515da-645e-11e4-a944-90e6babd593a} - V:\AutoRun.exe
HKU\S-1-5-21-215365994-4116708778-355400220-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-11-23] ()
Startup: C:\Users\Stormrage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-03-24] ()
BootExecute: autocheck autochk * SmartDefragBootTime.exe
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{29CF6803-292E-4D38-8711-ECF60ADB496A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{29CF6803-292E-4D38-8711-ECF60ADB496A}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4AE380C4-96DE-426A-91AC-E253C2837EFB}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-215365994-4116708778-355400220-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-215365994-4116708778-355400220-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-215365994-4116708778-355400220-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-215365994-4116708778-355400220-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-06] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-06] (Oracle Corporation)
DPF: HKLM-x32 {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB

FireFox:
========
FF ProfilePath: C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.jobs.bg/front_job_search.php?last=5&frompage=0&str_regions=&str_locations=&tab=jobs&old_country=&country=-1&region=0&location[]=16&l_category[]=0&keyword=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-04] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-04] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-215365994-4116708778-355400220-1000: @acestream.net/acestreamplugin,version=3.1.2 -> C:\Users\Stormrage\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
FF Plugin HKU\S-1-5-21-215365994-4116708778-355400220-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Stormrage\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-215365994-4116708778-355400220-1000: @talk.google.com/O1DPlugin -> C:\Users\Stormrage\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-215365994-4116708778-355400220-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Stormrage\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-215365994-4116708778-355400220-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Stormrage\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Stormrage\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Stormrage\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF SearchPlugin: C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\searchplugins\youtube---.xml [2015-01-30]
FF SearchPlugin: C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\searchplugins\zamundanet.xml [2015-02-01]
FF Extension: Show Me More - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\extensions\showmemore@suskind.xpi [2015-06-10]
FF Extension: AutoClose Tabs - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\extensions\autoclose@mozilla.queze.net.xpi [2015-06-10]
FF Extension: Save Images - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\extensions\LDSI_plashcor@gmail.com.xpi [2015-06-10]
FF Extension: BBCodeXtra - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi [2015-11-30]
FF Extension: CacheViewer - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi [2015-12-15]
FF Extension: Nightly Tester Tools - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29} [2015-12-17]
FF Extension: StumbleUpon - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2015-12-27]
FF Extension: Save Image in Folder - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}.xpi [2015-12-27]
FF Extension: Image Picker - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\extensions\ImagePicker@topolog.org [2016-01-03]
FF Extension: Bulk Image Downloader - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\extensions\{524B8EF8-C312-11DB-8039-536F56D89593}.xpi [2016-01-07]
FF Extension: Multiple File Downloader - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\extensions\{3f1d5914-65d6-4344-985b-2c6c28a40398}.xpi [2016-01-07]
FF Extension: 365Scores Notifier - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\extensions\Firefox@365scores.com [2016-01-07]
FF Extension: NoScript - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-01-08]
FF Extension: No Name - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\extensions\ascsurfingprotection@iobit.com [not found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [not found]
FF Extension: Add to Search Bar - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2015-06-04]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\Extensions\artur.dubovoy@gmail.com [2015-12-17]
FF Extension: Bulgarian Dictionary - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\Extensions\bg-BG@dictionaries.addons.mozilla.org [2015-12-23] [not signed]
FF Extension: Download Master Toolbar - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\Extensions\dmbarff@westbyte.com [2015-10-20] [not signed]
FF Extension: United States English Spellchecker - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\Extensions\en-US@dictionaries.addons.mozilla.org [2016-01-09]
FF Extension: YouTube Video and Audio Downloader - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2016-01-02]
FF Extension: YouTube™ Enhancer Plus - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\Extensions\firefoxaddon@youtubeenhancer.com [2016-01-08]
FF Extension: Gmail Notifier (restartless) - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2016-01-01]
FF Extension: Offline QR generator - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\Extensions\jid1-5h9We5DytuZ14Q@jetpack.xpi [2015-09-15]
FF Extension: Google™ Translator - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\Extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi [2015-12-23]
FF Extension: Media Converter and Muxer - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\Extensions\jid1-kps5PrGBNtzSLQ@jetpack.xpi [2015-11-28]
FF Extension: YouTube™ HD Plus - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\Extensions\jid1-wkCmfgboni3B1Q@jetpack.xpi [2016-01-06]
FF Extension: ScribeFire Next - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\Extensions\next@scribefire.com.xpi [2015-06-04]
FF Extension: YouTube Plus - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\Extensions\particle@particlecore.github.io.xpi [2016-01-06]
FF Extension: FlashGot - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-05-27]
FF Extension: Download Status Bar - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2015-06-04]
FF Extension: YouTube High Definition - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2016-01-10]
FF Extension: Image Toolbar - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\Extensions\{A4732521-77D9-447E-A557-B279AC923F06}.xpi [2015-12-27]
FF Extension: BitComet Video Downloader - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2014-09-28] [not signed]
FF Extension: Video DownloadHelper - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-28]
FF Extension: Adblock Plus - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-17]
FF Extension: Add to Search Bar - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\add-to-searchbox@maltekraus.de.xpi [2015-03-05] [not signed]
FF Extension: AutoClose Tabs - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\autoclose@mozilla.queze.net.xpi [2015-07-08]
FF Extension: Bulgarian Dictionary - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\bg-BG@dictionaries.addons.mozilla.org [2015-03-05] [not signed]
FF Extension: Download Master Toolbar - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\dmbarff@westbyte.com [2015-10-20] [not signed]
FF Extension: Download Master Media Monitor - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\dmmm@westbyte.com [2015-10-20] [not signed]
FF Extension: Download Master Plugin - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\dmpluginff@westbyte.com [2015-10-20] [not signed]
FF Extension: Download Master Remote Download - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\dmremote@westbyte.com [2015-10-20] [not signed]
FF Extension: YouTube Video and Audio Downloader - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2015-05-10] [not signed]
FF Extension: Self-Destructing Cookies - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2015-07-08]
FF Extension: Instagram for Firefox - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\jid0-BumCY9dUzYckeJaH3JEeimjBpxM@jetpack.xpi [2015-07-02]
FF Extension: Gmail Notifier (restartless) - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2015-04-26] [not signed]
FF Extension: Offline QR generator - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\jid1-5h9We5DytuZ14Q@jetpack.xpi [2015-03-05] [not signed]
FF Extension: Magrent - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\jid1-9tZMAIdeuiEjHg@jetpack.xpi [2015-07-02]
FF Extension: YouTube Center - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2015-05-25] [not signed]
FF Extension: Media Converter and Muxer - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\jid1-kps5PrGBNtzSLQ@jetpack.xpi [2015-07-02]
FF Extension: YouTube ALL HTML5 - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2015-05-25] [not signed]
FF Extension: YouTube™ HD Plus - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\jid1-wkCmfgboni3B1Q@jetpack.xpi [2015-05-10] [not signed]
FF Extension: Save Images - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\LDSI_plashcor@gmail.com.xpi [2015-04-26] [not signed]
FF Extension: Instagram Video Download - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\lumerias-instagram@lumerias.com.xpi [2015-07-02]
FF Extension: ScribeFire Next - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\next@scribefire.com.xpi [2015-03-05] [not signed]
FF Extension: Show Me More - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\showmemore@suskind.xpi [2015-07-08]
FF Extension: Media Stealer - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\stealer@physacco.com.xpi [2015-07-08]
FF Extension: Video WithOut Flash - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\vwof@drev.com.xpi [2015-04-26] [not signed]
FF Extension: YouTube Unblocker - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\youtubeunblocker@unblocker.yt [2015-03-05] [not signed]
FF Extension: FlashGot - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-04-26] [not signed]
FF Extension: TextMarker! - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\{1c530060-b0ae-11d9-9669-0800200c9a66} [2015-05-25] [not signed]
FF Extension: uBlock - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-05-25] [not signed]
FF Extension: ImageGrabber - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\{546d2a00-2bbf-11dc-8314-0800200c9a66}.xpi [2015-03-05] [not signed]
FF Extension: Download Status Bar - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2015-03-05] [not signed]
FF Extension: CacheViewer - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi [2015-04-26] [not signed]
FF Extension: NoScript - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-07-08]
FF Extension: YouTube High Definition - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2015-05-25] [not signed]
FF Extension: Nightly Tester Tools - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29} [2015-04-26] [not signed]
FF Extension: StumbleUpon - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2015-07-08]
FF Extension: BBCodeXtra - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi [2015-07-08]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-05-25] [not signed]
FF Extension: Video DownloadHelper - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-05-25] [not signed]
FF Extension: Adblock Plus - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-26] [not signed]
FF Extension: Memory Fox - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2015-05-25] [not signed]
FF Extension: User Agent Switcher - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2015-03-05] [not signed]
FF Extension: Add to Search Bar - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\sws9ux9n.default-1449915920718\Extensions\add-to-searchbox@maltekraus.de.xpi [2015-12-12]
FF Extension: YouTube Video and Audio Downloader - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\sws9ux9n.default-1449915920718\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2015-12-12]
FF Extension: Self-Destructing Cookies - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\sws9ux9n.default-1449915920718\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2015-12-12]
FF Extension: Gmail Notifier (restartless) - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\sws9ux9n.default-1449915920718\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2015-12-12]
FF Extension: Offline QR generator - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\sws9ux9n.default-1449915920718\Extensions\jid1-5h9We5DytuZ14Q@jetpack.xpi [2015-12-12]
FF Extension: Magrent - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\sws9ux9n.default-1449915920718\Extensions\jid1-9tZMAIdeuiEjHg@jetpack.xpi [2015-12-12]
FF Extension: Google™ Translator - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\sws9ux9n.default-1449915920718\Extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi [2015-12-12]
FF Extension: Media Converter and Muxer - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\sws9ux9n.default-1449915920718\Extensions\jid1-kps5PrGBNtzSLQ@jetpack.xpi [2015-12-12]
FF Extension: YouTube™ HD Plus - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\sws9ux9n.default-1449915920718\Extensions\jid1-wkCmfgboni3B1Q@jetpack.xpi [2015-12-12]
FF Extension: ScribeFire Next - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\sws9ux9n.default-1449915920718\Extensions\next@scribefire.com.xpi [2015-12-12]
FF Extension: S3.Google Translator - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\sws9ux9n.default-1449915920718\Extensions\s3google@translator.xpi [2015-12-12]
FF Extension: TextMarker! - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\sws9ux9n.default-1449915920718\Extensions\{1c530060-b0ae-11d9-9669-0800200c9a66} [2015-12-12]
FF Extension: uBlock - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\sws9ux9n.default-1449915920718\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-12-12]
FF Extension: ImageGrabber - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\sws9ux9n.default-1449915920718\Extensions\{546d2a00-2bbf-11dc-8314-0800200c9a66}.xpi [2015-12-12]
FF Extension: Download Status Bar - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\sws9ux9n.default-1449915920718\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2015-12-12]
FF Extension: YouTube High Definition - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\sws9ux9n.default-1449915920718\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2015-12-12]
FF Extension: Video DownloadHelper - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\sws9ux9n.default-1449915920718\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-12-12]
FF Extension: Adblock Plus - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\sws9ux9n.default-1449915920718\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-12]
FF Extension: User Agent Switcher - C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\sws9ux9n.default-1449915920718\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2015-12-12]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-215365994-4116708778-355400220-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Stormrage\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found

Chrome:
=======
CHR NewTab: Default -> "chrome-extension://laookkfknpbbblfpciffpaejjkokdgca/dashboard.html"
CHR Profile: C:\Users\Stormrage\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Stormrage\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-24]
CHR Extension: (Google Drive) - C:\Users\Stormrage\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Stormrage\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24]
CHR Extension: (Google Search) - C:\Users\Stormrage\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-24]
CHR Extension: (Google Docs Offline) - C:\Users\Stormrage\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-24]
CHR Extension: (vGet Extension (Video Downloader, DLNA)) - C:\Users\Stormrage\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniladkejehjfchadikcbjmgjaogciic [2015-10-24]
CHR Extension: (uSelect iDownload) - C:\Users\Stormrage\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc [2015-10-24]
CHR Extension: (StumbleUpon) - C:\Users\Stormrage\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2015-10-24]
CHR Extension: (Momentum) - C:\Users\Stormrage\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2015-10-24]
CHR Extension: (Download Master) - C:\Users\Stormrage\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2015-10-24]
CHR Extension: (GetThemAll Video Downloader) - C:\Users\Stormrage\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2015-10-24]
CHR Extension: (Autofill) - C:\Users\Stormrage\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk [2015-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stormrage\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-24]
CHR Extension: (Gmail) - C:\Users\Stormrage\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-24]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-215365994-4116708778-355400220-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService7; C:\Program Files (x86)\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2015-03-11] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-03-11] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-03-11] (BlueStack Systems, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2521080 2015-11-19] (ESET)
R2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-06] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-11-05] (NVIDIA Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-11-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-11-05] (NVIDIA Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [92160 2015-02-17] (Code Sector) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-02-13] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 SophosVirusRemovalTool; C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2015-03-11] (BlueStack Systems)
R3 DroidCam; C:\Windows\System32\DRIVERS\droidcam.sys [33080 2015-03-25] (Dev47Apps)
R3 DroidCamVideo; C:\Windows\System32\DRIVERS\droidcamvideo.sys [228408 2015-03-25] (Dev47Apps)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263528 2015-11-16] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-11-16] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2015-11-16] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [206312 2015-11-16] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52872 2015-11-16] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [69840 2015-11-16] (ESET)
S3 h647906; C:\Windows\System32\drivers\h647906.sys [63856 2008-08-08] (Your Corporation)
S3 h648101; C:\Windows\System32\drivers\h648101.sys [65776 2008-08-08] (Your Corporation)
S3 h648103; C:\Windows\System32\drivers\h648103.sys [62960 2008-08-08] (Your Corporation)
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [41272 2008-08-08] (Your Corporation)
S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.sys [43192 2008-08-08] (Your Corporation)
S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [40856 2008-08-08] (Your Corporation)
R3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [164864 2014-09-29] (ITE                      )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-07] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-11-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 prwntdrv; C:\Windows\system32\prwntdrv.sys [18528 2014-10-23] ()
S3 prwntdrv; C:\Windows\SysWOW64\prwntdrv.sys [15456 2014-10-23] ()
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S4 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [86680 2016-01-07] (Dataram, Inc.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 cpuz137; \??\C:\Users\STORMR~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 20:47 - 2016-01-10 20:48 - 00000000 ____D C:\FRST
2016-01-10 20:01 - 2016-01-10 20:01 - 00007875 _____ C:\Users\Stormrage\Downloads\[kat.cr]kon.boot.v2.4.iso.torrent
2016-01-10 19:56 - 2016-01-10 19:56 - 00001988 _____ C:\Users\Stormrage\Downloads\[kat.cr]kon.boot.for.windows.2.5.0.retail.deepstatus.torrent
2016-01-10 15:04 - 2016-01-10 15:04 - 00003160 _____ C:\Windows\System32\Tasks\SidebarExecute
2016-01-10 12:48 - 2016-01-10 14:26 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2016-01-09 19:41 - 2016-01-10 14:06 - 00003062 _____ C:\Windows\System32\Tasks\Stop SVCHOST CPU
2016-01-09 17:27 - 2016-01-09 17:27 - 00003328 _____ C:\Windows\System32\Tasks\SmartDefrag4_Startup
2016-01-09 17:27 - 2016-01-09 17:27 - 00003326 _____ C:\Windows\System32\Tasks\SmartDefrag4_Update
2016-01-09 17:25 - 2016-01-10 20:19 - 00000000 ____D C:\ProgramData\ProductData
2016-01-09 16:12 - 2016-01-09 16:12 - 00000000 ____D C:\Windows\CheckSur
2016-01-09 15:40 - 2016-01-09 15:40 - 00000236 _____ C:\Users\Stormrage\Desktop\Wufix.reg
2016-01-09 14:21 - 2015-10-20 20:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-01-09 14:21 - 2015-10-20 20:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-01-09 14:21 - 2015-10-20 20:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-01-09 14:21 - 2015-10-20 20:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-01-09 14:21 - 2015-10-20 20:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-01-09 14:21 - 2015-10-20 20:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-01-09 14:21 - 2015-10-20 20:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-01-09 14:21 - 2015-10-20 20:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-01-09 14:21 - 2015-10-20 20:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-01-09 14:21 - 2015-10-20 20:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-01-09 14:21 - 2015-10-20 20:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-01-09 14:21 - 2015-10-20 19:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-01-09 14:21 - 2015-10-20 19:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-01-09 14:21 - 2015-10-20 19:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-01-09 14:21 - 2015-10-20 19:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-01-09 14:21 - 2015-10-20 19:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-01-09 14:11 - 2016-01-09 14:11 - 00000132 _____ C:\Users\Stormrage\Desktop\UpdateX.bat
2016-01-09 12:31 - 2016-01-09 12:31 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-01-09 12:06 - 2016-01-09 12:06 - 00671303 _____ C:\Users\Stormrage\Downloads\Adolf_Hitler_-_Mojata_borba_-1559-b.txt.zip
2016-01-09 11:58 - 2016-01-09 11:58 - 00000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-09 11:58 - 2016-01-09 11:58 - 00000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-09 11:58 - 2016-01-09 11:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-01-09 11:57 - 2016-01-09 11:57 - 47658752 _____ C:\Users\Stormrage\Downloads\Firefox Setup 43.0.4.exe
2016-01-09 11:33 - 2015-07-01 22:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-01-09 11:33 - 2015-07-01 22:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-01-09 11:33 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-01-09 11:33 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-01-09 01:33 - 2016-01-09 01:33 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2016-01-09 01:23 - 2016-01-09 01:23 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2016-01-08 22:36 - 2016-01-08 22:36 - 00000016 _____ C:\ProgramData\mntemp
2016-01-08 18:27 - 2016-01-09 01:30 - 00000000 ____D C:\Program Files\Nightly
2016-01-08 18:01 - 2016-01-09 01:26 - 00000000 ____D C:\ProgramData\Sophos
2016-01-08 17:57 - 2016-01-08 17:57 - 00001593 _____ C:\Users\Stormrage\Desktop\JRT.txt
2016-01-08 17:26 - 2016-01-08 17:41 - 00000000 ____D C:\AdwCleaner
2016-01-07 21:38 - 2016-01-07 21:39 - 00000000 ____D C:\Program Files (x86)\RAMDisk
2016-01-07 21:38 - 2016-01-07 21:38 - 00086680 _____ (Dataram, Inc.) C:\Windows\system32\Drivers\RAMDiskVE.sys
2016-01-07 21:38 - 2016-01-07 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAMDisk
2016-01-07 20:15 - 2016-01-07 20:15 - 00002270 _____ C:\Users\Administrator\Desktop\Rkill.txt
2016-01-07 20:14 - 2016-01-07 20:14 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill.exe
2016-01-07 19:39 - 2016-01-07 20:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-07 19:27 - 2016-01-07 20:14 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2016-01-07 19:24 - 2016-01-07 19:24 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.09.3.1001.exe.part
2016-01-07 19:24 - 2016-01-07 19:24 - 00000000 _____ C:\Users\Administrator\Downloads\mbar-1.09.3.1001.exe
2016-01-07 18:59 - 2016-01-07 18:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Kodi
2016-01-07 18:47 - 2016-01-07 18:47 - 00891392 _____ (Farbar) C:\Users\Administrator\Downloads\MiniToolBox.exe
2016-01-07 18:32 - 2016-01-07 18:34 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2016-01-07 18:29 - 2016-01-09 01:29 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2016-01-07 18:26 - 2016-01-07 18:26 - 00002022 _____ C:\Users\Administrator\Desktop\Customize Fences.lnk
2016-01-07 18:26 - 2016-01-07 18:26 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Stardock
2016-01-07 18:25 - 2016-01-07 18:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\IObit
2016-01-07 18:25 - 2016-01-07 18:25 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\IObit
2016-01-04 23:24 - 2016-01-04 23:24 - 00002027 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2016-01-04 23:24 - 2016-01-04 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-01-04 23:24 - 2016-01-04 23:24 - 00000000 ____D C:\ProgramData\ESET
2016-01-04 21:52 - 2016-01-04 21:52 - 00000000 ____D C:\New folder
2016-01-01 23:25 - 2016-01-01 23:25 - 00044762 _____ C:\Users\Stormrage\Downloads\creed.2015.dvdscr.xvid.ac3.hq.hive-cm8(subsunacs.net).rar
2015-12-29 17:55 - 2015-12-29 17:55 - 09479872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-12-27 10:28 - 2015-12-27 10:28 - 00002037 _____ C:\Users\Stormrage\Desktop\Ace Stream Media Center.lnk
2015-12-27 10:28 - 2015-12-27 10:28 - 00001933 _____ C:\Users\Stormrage\Desktop\Ace Player.lnk
2015-12-27 10:28 - 2015-12-27 10:28 - 00000000 ____D C:\Users\Stormrage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
2015-12-24 22:25 - 2015-12-24 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-12-20 12:37 - 2015-12-20 12:37 - 00002147 _____ C:\Users\Stormrage\Desktop\Smart Cutter.lnk
2015-12-20 12:37 - 2015-12-20 12:37 - 00000000 ____D C:\Users\Stormrage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FameRing
2015-12-20 12:37 - 2015-12-20 12:37 - 00000000 ____D C:\Users\Stormrage\AppData\Roaming\fltk.org
2015-12-20 12:37 - 2015-12-20 12:37 - 00000000 ____D C:\Users\Stormrage\AppData\Roaming\FameRing
2015-12-20 12:37 - 2015-12-20 12:37 - 00000000 ____D C:\ProgramData\fltk.org
2015-12-20 12:33 - 2015-12-20 12:33 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-12-20 12:33 - 2015-12-20 12:33 - 00000000 ____D C:\Users\Stormrage\AppData\Roaming\MPEG Streamclip
2015-12-20 12:33 - 2015-12-20 12:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-12-20 12:33 - 2015-12-20 12:33 - 00000000 ____D C:\ProgramData\Apple Computer
2015-12-20 12:33 - 2015-12-20 12:33 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-12-18 11:56 - 2015-12-18 11:56 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-18 11:56 - 2015-12-18 11:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-18 11:56 - 2015-12-18 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-16 18:36 - 2015-12-16 18:39 - 00000000 ____D C:\Users\Stormrage\Desktop\VideoEdit
2015-12-14 17:02 - 2015-12-14 17:04 - 25098557 _____ C:\Users\Stormrage\Desktop\[Vimeo-14904354] _It_s All Good_ teaser.mp4
2015-12-13 13:40 - 2015-12-27 10:27 - 00000000 ____D C:\Users\Stormrage\AppData\Local\Degoo
2015-12-13 13:40 - 2015-12-13 13:40 - 00000000 ____D C:\Users\Stormrage\.swt
2015-12-12 23:04 - 2015-12-12 23:04 - 00000583 _____ C:\Users\Public\Desktop\Valiant Hearts The Great War.lnk
2015-12-12 23:04 - 2015-12-12 23:04 - 00000583 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valiant Hearts The Great War.lnk
2015-12-12 19:13 - 2015-12-12 19:13 - 00000611 _____ C:\Users\Stormrage\Desktop\IPTV.exe - Shortcut.lnk
2015-12-12 18:52 - 2015-12-20 12:56 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2015-12-12 18:52 - 2015-12-20 12:56 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2015-12-12 16:19 - 2015-12-12 16:19 - 00000000 ____D C:\Users\Stormrage\AppData\Roaming\uplay

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 20:48 - 2015-05-18 19:37 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d091914fdebb5e.job
2016-01-10 20:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows
2016-01-10 20:44 - 2014-11-30 16:55 - 00000000 ____D C:\Users\Stormrage\Documents\AirDroid
2016-01-10 20:42 - 2015-02-08 00:29 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d043258adf2e99.job
2016-01-10 20:42 - 2015-02-03 21:21 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-10 20:39 - 2015-10-25 22:35 - 00000000 ____D C:\Users\Stormrage\AppData\Roaming\Kodi
2016-01-10 20:38 - 2009-07-14 06:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-10 20:38 - 2009-07-14 06:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-10 20:36 - 2009-07-14 07:13 - 00772352 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-10 20:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-01-10 20:31 - 2015-08-29 18:46 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e27a3501ad70.job
2016-01-10 20:31 - 2015-07-15 22:43 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf3eec5145ba.job
2016-01-10 20:31 - 2015-05-18 19:37 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d091914f135214.job
2016-01-10 20:31 - 2014-10-01 14:57 - 00000000 ____D C:\Program Files (x86)\Advanced SystemCare 7
2016-01-10 20:30 - 2014-09-28 20:15 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-10 20:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-10 20:20 - 2015-04-14 22:21 - 00000000 ____D C:\Users\Stormrage\AppData\Roaming\TeamViewer
2016-01-10 20:14 - 2015-09-28 14:30 - 00000000 ____D C:\Users\Stormrage\AppData\Roaming\qBittorrent
2016-01-10 20:14 - 2014-09-29 12:06 - 00000000 ____D C:\Users\Stormrage\AppData\Roaming\Everything
2016-01-10 19:55 - 2015-03-29 20:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-10 19:51 - 2015-08-29 18:46 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e27a3579020f.job
2016-01-10 19:51 - 2015-07-15 22:43 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf3eececebc1.job
2016-01-10 19:31 - 2015-10-24 20:12 - 00000000 ____D C:\Users\Stormrage\AppData\Roaming\NetSpeedMonitor
2016-01-10 17:11 - 2014-09-28 21:40 - 00000000 ____D C:\ProgramData\ProgDVB
2016-01-10 15:51 - 2014-09-28 21:38 - 00000000 ____D C:\Program Files\ProgDVB
2016-01-10 15:45 - 2014-11-18 17:20 - 00000000 ____D C:\Program Files (x86)\ProgDVB
2016-01-10 15:10 - 2009-07-14 06:45 - 00361744 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-10 15:09 - 2010-11-21 09:16 - 00000000 ____D C:\Windows\CSC
2016-01-10 15:02 - 2009-07-14 04:34 - 00000535 _____ C:\Windows\win.ini
2016-01-10 14:55 - 2014-09-28 21:10 - 00089824 _____ C:\Users\Stormrage\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-09 19:22 - 2014-09-28 19:58 - 00000000 ____D C:\Users\Stormrage\AppData\Roaming\Skype
2016-01-09 17:34 - 2014-10-01 14:58 - 00002087 _____ C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2016-01-09 17:26 - 2014-10-01 14:58 - 00000000 ____D C:\Users\Stormrage\AppData\Roaming\IObit
2016-01-09 16:21 - 2015-12-07 17:13 - 00000000 ____D C:\Scripts
2016-01-09 15:45 - 2014-09-29 10:10 - 00000000 ____D C:\Users\Stormrage\AppData\Roaming\Spotify
2016-01-09 14:26 - 2009-07-14 07:08 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-09 14:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-01-09 13:02 - 2014-09-29 11:43 - 00000000 ____D C:\Users\Stormrage\AppData\Local\ElevatedDiagnostics
2016-01-09 11:58 - 2015-11-28 00:30 - 00000000 ____D C:\Users\Stormrage\AppData\LocalLow\Mozilla
2016-01-09 11:58 - 2014-09-28 19:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-09 01:53 - 2014-09-29 13:00 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Everything
2016-01-09 01:22 - 2014-12-02 22:56 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-01-08 22:55 - 2015-02-02 02:36 - 00000000 ____D C:\Users\Stormrage\Documents\FIFA 15
2016-01-08 17:55 - 2014-10-01 14:58 - 00000000 ____D C:\ProgramData\IObit
2016-01-08 17:55 - 2014-10-01 14:58 - 00000000 ____D C:\Program Files (x86)\IObit
2016-01-07 21:38 - 2015-02-12 00:43 - 00001853 _____ C:\Users\Public\Desktop\RAMDisk Configuration Utility.lnk
2016-01-07 20:44 - 2014-12-03 01:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-07 19:38 - 2014-12-03 01:40 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-07 19:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system
2016-01-07 18:41 - 2014-09-29 12:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2016-01-07 18:26 - 2014-09-29 12:50 - 00089824 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-07 18:25 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-06 19:13 - 2014-11-07 00:10 - 00000000 ____D C:\Users\Stormrage\AppData\Roaming\MPC-HC
2016-01-06 19:11 - 2015-03-15 18:29 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-04 22:15 - 2014-09-28 19:38 - 00000000 ____D C:\Users\Stormrage\AppData\Roaming\Mozilla
2016-01-04 21:46 - 2015-03-29 20:44 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-04 21:46 - 2015-03-29 20:44 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-04 21:46 - 2015-03-29 20:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-04 21:46 - 2014-09-28 19:51 - 00000000 ____D C:\Users\Stormrage\AppData\Local\Adobe
2016-01-01 21:30 - 2014-09-28 21:12 - 00000973 _____ C:\Users\Stormrage\Desktop\Daum Potplayer-64 Bits.lnk
2015-12-30 00:20 - 2014-11-30 16:55 - 00000000 ____D C:\Program Files (x86)\AirDroid
2015-12-27 10:27 - 2015-03-15 15:48 - 00000000 ____D C:\Windows\system32\appmgmt
2015-12-25 20:01 - 2014-10-31 21:18 - 00000000 ____D C:\Users\Stormrage\AppData\Roaming\livestreamer
2015-12-24 22:25 - 2015-09-28 14:30 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2015-12-24 16:37 - 2014-10-02 15:20 - 00000000 ____D C:\Users\Stormrage\AppData\Roaming\uTorrent
2015-12-20 16:52 - 2015-05-26 22:22 - 00000000 ____D C:\Users\Stormrage\AppData\Roaming\avidemux
2015-12-18 11:56 - 2014-09-28 19:58 - 00000000 ____D C:\Users\Stormrage\AppData\Local\Skype
2015-12-18 11:56 - 2014-09-28 19:58 - 00000000 ____D C:\ProgramData\Skype
2015-12-16 18:37 - 2015-09-22 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux (64 bits)
2015-12-13 13:40 - 2014-09-28 19:13 - 00000000 ____D C:\Users\Stormrage
2015-12-12 23:05 - 2014-10-04 01:49 - 00000000 ____D C:\ProgramData\Orbit
2015-12-12 19:13 - 2015-11-20 16:09 - 00000000 ____D C:\Users\Stormrage\Desktop\New folder
2015-12-12 18:38 - 2014-10-14 00:22 - 00000000 ____D C:\Users\Stormrage\Documents\My Games
2015-12-12 18:34 - 2015-12-05 15:58 - 00003888 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-12-12 18:34 - 2014-10-01 16:36 - 00003272 _____ C:\Windows\System32\Tasks\Clock
2015-12-12 14:02 - 2014-10-02 12:04 - 00000000 ____D C:\Users\Stormrage\AppData\Roaming\vlc
2015-12-12 10:44 - 2014-09-28 20:37 - 00000000 ____D C:\Users\Stormrage\AppData\Roaming\BitComet

==================== Files in the root of some directories =======

2015-10-18 20:39 - 2015-10-18 20:39 - 0088870 _____ () C:\Users\Stormrage\AppData\Local\flashgotGB.7z
2015-10-20 13:30 - 2015-10-18 20:27 - 8300589 _____ () C:\Users\Stormrage\AppData\Local\flashgotGB.html
2015-10-22 01:45 - 2015-10-22 01:45 - 25712014 _____ () C:\Users\Stormrage\AppData\Local\http___c.xme.net_11c2[00000-99999].jpg.bidlist
2015-02-11 22:49 - 2015-02-11 22:49 - 0000001 _____ () C:\Users\Stormrage\AppData\Local\llftool.4.40.agreement
2015-04-22 21:18 - 2015-04-22 21:18 - 0000697 _____ () C:\Users\Stormrage\AppData\Local\recently-used.xbel
2014-10-01 15:26 - 2015-07-02 14:15 - 0007635 _____ () C:\Users\Stormrage\AppData\Local\Resmon.ResmonCfg
2015-03-08 15:42 - 2015-03-08 15:43 - 0000000 _____ () C:\Users\Stormrage\AppData\Local\{1D01362C-26F3-4EA5-93DB-06714F6AFB73}
2015-03-08 15:42 - 2015-03-08 15:43 - 0000000 _____ () C:\Users\Stormrage\AppData\Local\{CF5344B8-AA21-448B-BEA7-52634ECAD5DD}
2015-03-25 18:02 - 2015-03-25 18:02 - 0000035 _____ () C:\ProgramData\droidcam-settings
2014-11-30 19:48 - 2014-11-30 19:48 - 0000215 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2016-01-08 22:36 - 2016-01-08 22:36 - 0000016 _____ () C:\ProgramData\mntemp
2014-09-28 21:40 - 2014-09-28 21:40 - 0012633 _____ () C:\ProgramData\mxnhytee.feu

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-31 18:51

==================== End of FRST.txt ============================



Edited by Stormrage, 10 January 2016 - 04:17 PM.




#2 HelpBot


Posted 15 January 2016 - 02:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/601881 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:09 PM

Posted 20 January 2016 - 02:35 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



