Possible infection: One process of chrome.exe *32 has very high (50%)


  • This topic is locked

#1
djmaxaaron


So after downloading shady files, I contracted a large amount of viruses which for the most part seem to be gone after running some virus scans. However, this has left a problem in which one of my chrome.exe 32's would have a ridiculously high cpu usage and would leave my usage at a constant 80-100% as well as the memory. This causes my computer to lag a lot and now I am not sure what to do now. Would love to have some help in fixing this.


Edited by djmaxaaron, 04 August 2014 - 01:17 AM.



#2
Biscuithd


Hi there, welcome to the forums! My name is Biscuithd and I will be assisting you with your computer issues.

I know how upsetting it can be when one's computer is experiencing problems. I will try to help get things squared away. For a start please make sure that you...

  • Carefully read every post completely before doing anything.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.

Let's get started.

 

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.


  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.

 



#3
djmaxaaron


Alright sure, so this is the FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by USER (administrator) on USER-PC on 04-08-2014 13:18:47
Running from C:\Users\USER\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\USER\AppData\Local\Hyper - Browser\Hyper - Browser.exe
(The Chromium Authors) C:\Users\USER\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\USER\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\USER\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\USER\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(The Chromium Authors) C:\Users\USER\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\USER\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\USER\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\USER\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\USER\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\USER\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3385489291-3797028483-2866025970-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-02-14] (AMD)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7E30C97B03A0CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {971FC730-55F1-461F-83FD-B3BF5E1F039E} http://192.168.1.68/AVC_AX_742.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B89CE93C-F058-4423-AD4F-B552A5C6E64A}: [NameServer]8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @gomtv.com/gomtvx-plugin -> C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll (Gretech Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-09-29]
 
Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (gomtvx NIE Module) - C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll (Gretech Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Inaba Himeko Theme) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\flooilpmbaknnlpnonlaccahmplanfln [2014-04-26]
CHR Extension: (AdBlock) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-26]
CHR Extension: (Google Wallet) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-07-18] (Echobit LLC)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-08-03] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [614680 2013-09-12] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-07-18] (Echobit, LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD}; \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-04 13:18 - 2014-08-04 13:19 - 00019770 _____ () C:\Users\USER\Downloads\FRST.txt
2014-08-04 13:18 - 2014-08-04 13:18 - 02094080 _____ (Farbar) C:\Users\USER\Downloads\FRST64.exe
2014-08-04 13:18 - 2014-08-04 13:18 - 00415232 _____ (Farbar) C:\Users\USER\Downloads\FSS.exe
2014-08-04 13:18 - 2014-08-04 13:18 - 00000000 ____D () C:\FRST
2014-08-04 13:17 - 2014-08-04 13:17 - 01084928 _____ (Farbar) C:\Users\USER\Downloads\FRST.exe
2014-08-04 13:16 - 2014-08-04 13:16 - 00000000 ____D () C:\MATS
2014-08-04 13:14 - 2014-08-04 13:15 - 00347816 _____ (Microsoft Corporation) C:\Users\USER\Downloads\MicrosoftFixit.ProgramInstallUninstall.MATSKB.Run.exe
2014-08-04 01:29 - 2014-08-04 01:29 - 01578520 _____ (Koyote-Lab Inc) C:\Users\USER\Downloads\FreeMp3WmaConverterSetup-r186-n-bc.exe
2014-08-03 23:50 - 2014-08-04 03:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-03 23:50 - 2014-08-03 23:50 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-03 23:50 - 2014-08-03 23:50 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-03 23:50 - 2014-08-03 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-03 23:49 - 2014-08-04 13:12 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-03 23:49 - 2014-08-03 23:49 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-03 23:31 - 2014-08-03 23:31 - 00000000 ___SD () C:\32788R22FWJFW
2014-08-03 23:28 - 2014-08-03 23:28 - 00035524 _____ () C:\ComboFix.txt
2014-08-03 23:26 - 2014-08-04 13:12 - 00001172 _____ () C:\Windows\PFRO.log
2014-08-03 23:26 - 2014-08-04 13:12 - 00000168 _____ () C:\Windows\setupact.log
2014-08-03 23:26 - 2014-08-03 23:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-03 23:20 - 2014-08-03 23:31 - 00000000 ____D () C:\Windows\erdnt
2014-08-03 23:18 - 2014-08-03 23:19 - 05566616 _____ (Swearware) C:\Users\USER\Downloads\ComboFix.exe
2014-08-03 22:16 - 2014-08-03 22:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-03 22:15 - 2014-08-03 22:16 - 02347384 _____ (ESET) C:\Users\USER\Downloads\esetsmartinstaller_enu.exe
2014-08-03 21:44 - 2014-08-03 21:44 - 00000000 ____D () C:\Users\USER\AppData\Local\Chromium
2014-08-03 21:31 - 2014-08-03 21:39 - 00007605 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2014-08-03 21:21 - 2014-08-03 21:21 - 01361309 _____ () C:\Users\USER\Downloads\adwcleaner_3.302.exe
2014-08-03 20:04 - 2014-08-03 20:04 - 00000000 ____D () C:\Users\USER\AppData\Roaming\SYSTEMAX Software Development
2014-08-03 20:04 - 2014-08-03 20:04 - 00000000 ____D () C:\ProgramData\SYSTEMAX Software Development
2014-08-03 20:03 - 2014-08-03 20:03 - 00000000 ____D () C:\Users\USER\Desktop\PaintTool SAI English Pack(2)
2014-08-03 20:01 - 2014-08-03 20:01 - 00000000 __SHD () C:\Users\USER\AppData\Local\EmieUserList
2014-08-03 20:01 - 2014-08-03 20:01 - 00000000 __SHD () C:\Users\USER\AppData\Local\EmieSiteList
2014-08-03 19:25 - 2014-08-03 19:25 - 00000702 _____ () C:\Users\USER\Desktop\JRT.txt
2014-08-03 19:19 - 2014-08-03 19:19 - 01016261 _____ (Thisisu) C:\Users\USER\Downloads\JRT.exe
2014-08-03 19:19 - 2014-08-03 19:19 - 00000000 ____D () C:\Windows\ERUNT
2014-08-03 19:09 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-03 19:08 - 2014-08-03 23:45 - 00000000 ____D () C:\AdwCleaner
2014-08-03 19:08 - 2014-08-03 19:08 - 01361309 _____ () C:\Users\USER\Desktop\AdwCleaner.exe
2014-08-03 19:06 - 2014-08-03 19:07 - 11526415 _____ () C:\Users\USER\Downloads\PaintTool SAI English Pack(2).rar
2014-08-03 18:34 - 2014-08-03 18:34 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-03 18:34 - 2014-08-03 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-03 18:34 - 2014-08-03 18:34 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-03 18:33 - 2014-08-03 18:36 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-03 18:32 - 2014-08-03 18:33 - 11188736 _____ (SurfRight B.V.) C:\Users\USER\Downloads\HitmanPro_x64.exe
2014-08-03 18:10 - 2014-08-03 18:17 - 00000000 ____D () C:\Users\USER\AppData\Local\20464
2014-08-03 18:09 - 2014-08-03 18:36 - 00002294 _____ () C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-03 18:09 - 2014-08-03 18:11 - 00000000 ____D () C:\Users\USER\AppData\Local\Hyper - Browser
2014-08-03 18:09 - 2014-08-03 18:09 - 00004566 _____ () C:\Windows\System32\Tasks\Hyper - Browser Runner
2014-08-03 15:07 - 2014-08-03 15:07 - 00000874 _____ () C:\Windows\SysWOW64\msexcr.ini
2014-08-02 18:00 - 2014-08-02 18:00 - 20163174 _____ () C:\Users\USER\Downloads\Ice.zip
2014-07-22 13:54 - 2014-07-22 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 13:54 - 2014-07-22 13:54 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-18 16:08 - 2014-07-18 16:08 - 00021656 _____ (Echobit, LLC) C:\Windows\system32\Drivers\evolve.sys
2014-07-18 16:08 - 2014-07-18 16:08 - 00002023 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
2014-07-18 16:08 - 2014-07-18 16:08 - 00002011 _____ () C:\Users\Public\Desktop\Evolve.lnk
2014-07-18 16:08 - 2014-07-18 16:08 - 00000000 ____D () C:\Users\USER\AppData\Local\Echobit
2014-07-18 16:08 - 2014-07-18 16:08 - 00000000 ____D () C:\ProgramData\Echobit
2014-07-18 16:08 - 2014-07-18 16:08 - 00000000 ____D () C:\Program Files\Echobit
2014-07-18 16:07 - 2014-07-18 16:08 - 03258328 _____ (Echobit LLC) C:\Users\USER\Downloads\EvolveSetup.exe
2014-07-18 16:03 - 2014-07-18 16:03 - 00000222 _____ () C:\Users\USER\Desktop\Unturned.url
2014-07-17 22:23 - 2014-07-17 22:23 - 174178700 _____ () C:\Users\USER\Downloads\ZTST.zip
2014-07-16 13:08 - 2014-07-16 13:08 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-15 20:35 - 2014-07-15 20:35 - 00001111 _____ () C:\Users\USER\Desktop\Katawa Shoujo.lnk
2014-07-15 20:35 - 2014-07-15 20:35 - 00000000 ____D () C:\Users\USER\AppData\Roaming\RenPy
2014-07-15 20:34 - 2014-07-15 20:35 - 00000000 ____D () C:\Program Files (x86)\Katawa Shoujo
2014-07-15 20:32 - 2014-07-15 20:34 - 444251517 _____ () C:\Users\USER\Downloads\[4ls]_katawa_shoujo_1.1-[windows][8AACDD32].exe
2014-07-15 03:41 - 2014-08-04 00:11 - 00000000 ____D () C:\Users\USER\Desktop\cowboy bebop 9
2014-07-13 01:09 - 2014-08-03 22:36 - 00001162 _____ () C:\Users\USER\Desktop\manga.txt
2014-07-11 16:32 - 2014-07-11 16:32 - 00000219 _____ () C:\Users\USER\Desktop\Counter-Strike Global Offensive.url
2014-07-11 03:39 - 2014-07-11 03:39 - 27060196 _____ () C:\Users\USER\Downloads\No Game No Life.zip
2014-07-11 03:37 - 2014-07-11 03:37 - 26507407 _____ () C:\Users\USER\Downloads\Nisekoi.zip
2014-07-08 13:22 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 13:22 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 13:22 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 13:22 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 13:22 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 13:22 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 13:22 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 13:22 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 13:22 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 13:22 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 13:22 - 2014-06-18 17:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 13:22 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 13:22 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 13:22 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 13:22 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 13:22 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 13:22 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 13:22 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 13:22 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 13:22 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 13:22 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 13:22 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 13:22 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 13:22 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 13:22 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 13:22 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 13:22 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 13:22 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 13:22 - 2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 13:22 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 13:22 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 13:22 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 13:22 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 13:22 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 13:22 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 13:22 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 13:22 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 13:22 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 13:22 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 13:22 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 13:22 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 13:22 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 13:22 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 13:22 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 13:22 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 13:22 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 13:22 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 13:22 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 13:22 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 13:22 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 13:22 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 13:22 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 13:22 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 13:22 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 13:22 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 13:22 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 13:22 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 13:22 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 13:22 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 13:22 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 13:22 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 13:22 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 13:22 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 13:22 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 13:22 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 13:22 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 13:22 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 13:22 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 13:22 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 13:22 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 13:22 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 13:22 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 13:22 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 13:22 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 13:22 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 13:22 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 13:21 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 13:21 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 13:21 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-04 13:19 - 2014-08-04 13:18 - 00019770 _____ () C:\Users\USER\Downloads\FRST.txt
2014-08-04 13:18 - 2014-08-04 13:18 - 02094080 _____ (Farbar) C:\Users\USER\Downloads\FRST64.exe
2014-08-04 13:18 - 2014-08-04 13:18 - 00415232 _____ (Farbar) C:\Users\USER\Downloads\FSS.exe
2014-08-04 13:18 - 2014-08-04 13:18 - 00000000 ____D () C:\FRST
2014-08-04 13:18 - 2009-07-13 22:13 - 00006742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-04 13:18 - 2009-07-13 21:45 - 00028128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-04 13:18 - 2009-07-13 21:45 - 00028128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-04 13:17 - 2014-08-04 13:17 - 01084928 _____ (Farbar) C:\Users\USER\Downloads\FRST.exe
2014-08-04 13:17 - 2013-11-28 11:02 - 01785211 _____ () C:\Windows\WindowsUpdate.log
2014-08-04 13:16 - 2014-08-04 13:16 - 00000000 ____D () C:\MATS
2014-08-04 13:15 - 2014-08-04 13:14 - 00347816 _____ (Microsoft Corporation) C:\Users\USER\Downloads\MicrosoftFixit.ProgramInstallUninstall.MATSKB.Run.exe
2014-08-04 13:13 - 2012-10-01 09:37 - 00003486 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-08-04 13:12 - 2014-08-03 23:49 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-04 13:12 - 2014-08-03 23:26 - 00001172 _____ () C:\Windows\PFRO.log
2014-08-04 13:12 - 2014-08-03 23:26 - 00000168 _____ () C:\Windows\setupact.log
2014-08-04 13:12 - 2013-11-16 23:24 - 00000000 ____D () C:\Users\USER\AppData\Local\LogMeIn Hamachi
2014-08-04 13:12 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-04 03:55 - 2014-08-03 23:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-04 03:52 - 2012-09-29 18:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-04 03:51 - 2014-05-24 10:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 01:29 - 2014-08-04 01:29 - 01578520 _____ (Koyote-Lab Inc) C:\Users\USER\Downloads\FreeMp3WmaConverterSetup-r186-n-bc.exe
2014-08-04 01:21 - 2013-06-24 18:48 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-08-04 00:11 - 2014-07-15 03:41 - 00000000 ____D () C:\Users\USER\Desktop\cowboy bebop 9
2014-08-03 23:50 - 2014-08-03 23:50 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-03 23:50 - 2014-08-03 23:50 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-03 23:50 - 2014-08-03 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-03 23:50 - 2013-06-04 22:23 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-03 23:49 - 2014-08-03 23:49 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-03 23:49 - 2013-06-04 22:23 - 00000000 ____D () C:\Users\USER\AppData\Local\Deployment
2014-08-03 23:49 - 2013-06-04 22:23 - 00000000 ____D () C:\Users\USER\AppData\Local\Apps\2.0
2014-08-03 23:45 - 2014-08-03 19:08 - 00000000 ____D () C:\AdwCleaner
2014-08-03 23:31 - 2014-08-03 23:31 - 00000000 ___SD () C:\32788R22FWJFW
2014-08-03 23:31 - 2014-08-03 23:20 - 00000000 ____D () C:\Windows\erdnt
2014-08-03 23:28 - 2014-08-03 23:28 - 00035524 _____ () C:\ComboFix.txt
2014-08-03 23:28 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-08-03 23:27 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-03 23:26 - 2014-08-03 23:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-03 23:26 - 2009-07-13 19:34 - 78381056 _____ () C:\Windows\system32\config\software.bak
2014-08-03 23:26 - 2009-07-13 19:34 - 18874368 _____ () C:\Windows\system32\config\system.bak
2014-08-03 23:26 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-08-03 23:26 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-08-03 23:26 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-08-03 23:19 - 2014-08-03 23:18 - 05566616 _____ (Swearware) C:\Users\USER\Downloads\ComboFix.exe
2014-08-03 22:36 - 2014-07-13 01:09 - 00001162 _____ () C:\Users\USER\Desktop\manga.txt
2014-08-03 22:16 - 2014-08-03 22:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-03 22:16 - 2014-08-03 22:15 - 02347384 _____ (ESET) C:\Users\USER\Downloads\esetsmartinstaller_enu.exe
2014-08-03 21:44 - 2014-08-03 21:44 - 00000000 ____D () C:\Users\USER\AppData\Local\Chromium
2014-08-03 21:39 - 2014-08-03 21:31 - 00007605 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2014-08-03 21:21 - 2014-08-03 21:21 - 01361309 _____ () C:\Users\USER\Downloads\adwcleaner_3.302.exe
2014-08-03 20:09 - 2013-10-29 16:48 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Skype
2014-08-03 20:04 - 2014-08-03 20:04 - 00000000 ____D () C:\Users\USER\AppData\Roaming\SYSTEMAX Software Development
2014-08-03 20:04 - 2014-08-03 20:04 - 00000000 ____D () C:\ProgramData\SYSTEMAX Software Development
2014-08-03 20:03 - 2014-08-03 20:03 - 00000000 ____D () C:\Users\USER\Desktop\PaintTool SAI English Pack(2)
2014-08-03 20:01 - 2014-08-03 20:01 - 00000000 __SHD () C:\Users\USER\AppData\Local\EmieUserList
2014-08-03 20:01 - 2014-08-03 20:01 - 00000000 __SHD () C:\Users\USER\AppData\Local\EmieSiteList
2014-08-03 19:36 - 2009-07-13 22:08 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-03 19:25 - 2014-08-03 19:25 - 00000702 _____ () C:\Users\USER\Desktop\JRT.txt
2014-08-03 19:19 - 2014-08-03 19:19 - 01016261 _____ (Thisisu) C:\Users\USER\Downloads\JRT.exe
2014-08-03 19:19 - 2014-08-03 19:19 - 00000000 ____D () C:\Windows\ERUNT
2014-08-03 19:14 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-03 19:13 - 2013-11-16 23:24 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-08-03 19:08 - 2014-08-03 19:08 - 01361309 _____ () C:\Users\USER\Desktop\AdwCleaner.exe
2014-08-03 19:07 - 2014-08-03 19:06 - 11526415 _____ () C:\Users\USER\Downloads\PaintTool SAI English Pack(2).rar
2014-08-03 18:44 - 2012-09-29 18:23 - 00000000 ____D () C:\Program Files (x86)\GNU
2014-08-03 18:36 - 2014-08-03 18:33 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-03 18:36 - 2014-08-03 18:09 - 00002294 _____ () C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-03 18:34 - 2014-08-03 18:34 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-03 18:34 - 2014-08-03 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-03 18:34 - 2014-08-03 18:34 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-03 18:33 - 2014-08-03 18:32 - 11188736 _____ (SurfRight B.V.) C:\Users\USER\Downloads\HitmanPro_x64.exe
2014-08-03 18:31 - 2013-11-16 23:15 - 00000000 ____D () C:\Users\USER\AppData\Roaming\uTorrent
2014-08-03 18:31 - 2013-06-10 19:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-03 18:18 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\Performance
2014-08-03 18:17 - 2014-08-03 18:10 - 00000000 ____D () C:\Users\USER\AppData\Local\20464
2014-08-03 18:11 - 2014-08-03 18:09 - 00000000 ____D () C:\Users\USER\AppData\Local\Hyper - Browser
2014-08-03 18:09 - 2014-08-03 18:09 - 00004566 _____ () C:\Windows\System32\Tasks\Hyper - Browser Runner
2014-08-03 15:07 - 2014-08-03 15:07 - 00000874 _____ () C:\Windows\SysWOW64\msexcr.ini
2014-08-02 18:01 - 2013-08-30 19:35 - 00000000 ____D () C:\Users\USER\Desktop\poster
2014-08-02 18:00 - 2014-08-02 18:00 - 20163174 _____ () C:\Users\USER\Downloads\Ice.zip
2014-08-02 01:11 - 2013-06-05 15:37 - 00000000 ___RD () C:\Users\USER\Desktop\folder
2014-07-30 03:17 - 2013-10-22 23:02 - 00000000 ____D () C:\Users\USER\Desktop\920
2014-07-23 18:11 - 2012-09-29 18:07 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-23 18:11 - 2012-09-29 18:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-23 16:17 - 2012-09-29 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-22 13:54 - 2014-07-22 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 13:54 - 2014-07-22 13:54 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-22 13:54 - 2013-12-16 22:32 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-07-22 01:43 - 2014-03-10 16:01 - 00000136 _____ () C:\Users\USER\Desktop\art.txt
2014-07-21 15:56 - 2014-02-15 16:34 - 00000000 ____D () C:\Users\USER\Desktop\zankyou
2014-07-18 16:08 - 2014-07-18 16:08 - 00021656 _____ (Echobit, LLC) C:\Windows\system32\Drivers\evolve.sys
2014-07-18 16:08 - 2014-07-18 16:08 - 00002023 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
2014-07-18 16:08 - 2014-07-18 16:08 - 00002011 _____ () C:\Users\Public\Desktop\Evolve.lnk
2014-07-18 16:08 - 2014-07-18 16:08 - 00000000 ____D () C:\Users\USER\AppData\Local\Echobit
2014-07-18 16:08 - 2014-07-18 16:08 - 00000000 ____D () C:\ProgramData\Echobit
2014-07-18 16:08 - 2014-07-18 16:08 - 00000000 ____D () C:\Program Files\Echobit
2014-07-18 16:08 - 2014-07-18 16:07 - 03258328 _____ (Echobit LLC) C:\Users\USER\Downloads\EvolveSetup.exe
2014-07-18 16:06 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-18 16:03 - 2014-07-18 16:03 - 00000222 _____ () C:\Users\USER\Desktop\Unturned.url
2014-07-18 14:18 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-07-17 22:24 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-07-17 22:23 - 2014-07-17 22:23 - 174178700 _____ () C:\Users\USER\Downloads\ZTST.zip
2014-07-16 13:08 - 2014-07-16 13:08 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-15 20:35 - 2014-07-15 20:35 - 00001111 _____ () C:\Users\USER\Desktop\Katawa Shoujo.lnk
2014-07-15 20:35 - 2014-07-15 20:35 - 00000000 ____D () C:\Users\USER\AppData\Roaming\RenPy
2014-07-15 20:35 - 2014-07-15 20:34 - 00000000 ____D () C:\Program Files (x86)\Katawa Shoujo
2014-07-15 20:34 - 2014-07-15 20:32 - 444251517 _____ () C:\Users\USER\Downloads\[4ls]_katawa_shoujo_1.1-[windows][8AACDD32].exe
2014-07-13 17:19 - 2014-03-16 22:19 - 00000000 ____D () C:\Users\USER\Desktop\pzinndix
2014-07-12 14:42 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-07-11 16:32 - 2014-07-11 16:32 - 00000219 _____ () C:\Users\USER\Desktop\Counter-Strike Global Offensive.url
2014-07-11 16:32 - 2013-06-10 19:19 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-11 16:18 - 2014-04-20 01:37 - 00000000 ____D () C:\Users\USER\Desktop\kimi n oknife 28
2014-07-11 16:18 - 2014-01-06 13:19 - 00000000 ___RD () C:\Users\USER\Desktop\wallpapers
2014-07-11 03:39 - 2014-07-11 03:39 - 27060196 _____ () C:\Users\USER\Downloads\No Game No Life.zip
2014-07-11 03:37 - 2014-07-11 03:37 - 26507407 _____ () C:\Users\USER\Downloads\Nisekoi.zip
2014-07-11 03:37 - 2014-05-10 21:49 - 00000000 ____D () C:\Users\USER\Desktop\Other wallpapers
2014-07-09 09:52 - 2012-09-29 18:07 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 09:52 - 2012-09-29 18:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 09:52 - 2012-09-29 18:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 18:45 - 2009-07-13 21:45 - 05267168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-08 18:44 - 2011-04-12 01:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-08 18:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-08 18:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-08 16:23 - 2014-05-22 12:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-08 16:22 - 2012-10-01 10:58 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 16:22 - 2012-10-01 09:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
 
Files to move or delete:
====================
C:\Users\USER\jagex_cl_runescape_LIVE.dat
C:\Users\USER\jagex_cl_runescape_LIVE1.dat
C:\Users\USER\random.dat
 
 
Some content of TEMP:
====================
C:\Users\USER\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-31 21:55
 
==================== End Of Log ============================
 
Next is the Addition log
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by USER at 2014-08-04 13:19:40
Running from C:\Users\USER\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30416 - BitTorrent Inc.)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.7 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2540 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Content Viewer (x32 Version: 1.4.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.898.1 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 12.3.103.20214 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
ASUS VGA Driver (x32 Version: 3.0.0.1 - 회사명) Hidden
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{043645C8-48EC-458F-B9BD-9C8F15CEF6F7}) (Version:  - Microsoft)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve )
Dota 2 Test (HKLM-x32\...\Steam App 205790) (Version:  - )
DragonNest (HKLM-x32\...\DragonNest) (Version:  - )
DTS+AC3 Filter (HKLM-x32\...\DtsFilter) (Version:  - )
EnuFontInstaller (HKLM-x32\...\{61048242-4586-417E-B51E-4A9FF54F317F}) (Version: 1.00.0000 - Hancom)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.6 - Echobit, LLC)
GOMTV Plug-in (HKLM-x32\...\GomTV Launcher Plugin) (Version: 1.0.0.3 - GRETECH CORP.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hanword 2010 (HKLM-x32\...\Haansoft HWord 80 Korean) (Version: 8.0.1 - Hancom)
Hanword 2010 (x32 Version: 8.0.1 - hancom) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HydraVision (x32 Version: 4.2.230.0 - Advanced Micro Devices, Inc.) Hidden
Hyper - Browser (HKLM-x32\...\Hyper - Browser) (Version: 77.0.0.425 - web research foundation) <==== ATTENTION
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
IPCMonitor_en 1.0.1.9 (HKLM-x32\...\{8EC13308-5065-43FA-A5E8-E225F18DAB89}_is1) (Version: 1.0.1.9 - IPCMonitor, Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.227 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.227 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MapleStory (HKLM-x32\...\MapleStory) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301042}) (Version: 7.02.9753 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
RRDtool (HKLM-x32\...\{63A5F548-B114-4413-BD9E-5EAF35F90779}) (Version: 1.4.5.0 - Tobias Oetiker)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{428CB7A0-1068-4CE1-8835-39C7ECD297ED}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.7-3 - Wacom Technology Corp.)
web control version 3.0.1.8 (HKLM-x32\...\{20779EFD-5A24-45F7-A133-132975478C4E}_is1) (Version: 3.0.1.8 - )
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3385489291-3797028483-2866025970-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
==================== Restore Points  =========================
 
04-08-2014 20:16:24  Muvic Smartbar 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2014-08-03 23:26 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {19429383-C75F-4257-86A0-4C8CC40EEEBD} - System32\Tasks\Microsoft\Windows\Maintenance\Hyper - Browser Update => %LOCALAPPDATA%\Hyper - Browser\Hyper - Browser.exe <==== ATTENTION
Task: {3217F71E-3FBA-451E-9CD1-C6CE5BF80A98} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {39F2EB22-0249-4689-A0B7-10C40C2418BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-03] (Google Inc.)
Task: {7F80011B-E575-4F53-A08B-217FB981C644} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-06-04] ()
Task: {959B3CE9-6057-41EC-8102-70AD8D037461} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {B63D2416-CB8F-45CC-AF20-33624131A0C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-03] (Google Inc.)
Task: {BDA27D83-4138-4373-8E0D-AC6FA6112370} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {F402824D-4F46-4F8C-AC48-86DDE49770AC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {F8F50C26-6FDE-4494-A9AF-A682029AB312} - System32\Tasks\Hyper - Browser Runner => %LOCALAPPDATA%\Hyper - Browser\Hyper - Browser.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-23 16:07 - 2012-12-11 13:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-09-23 16:02 - 2013-09-12 18:08 - 01185048 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-07-24 06:05 - 2014-07-24 06:05 - 00099840 _____ () C:\Users\USER\AppData\Local\Hyper - Browser\Hyper - Browser.exe
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-08-03 23:50 - 2014-07-15 02:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-08-03 23:50 - 2014-07-15 02:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-08-03 23:50 - 2014-07-15 02:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-08-03 23:50 - 2014-07-15 02:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-08-03 23:50 - 2014-07-15 02:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-24 06:05 - 2014-07-24 06:05 - 00060416 _____ () C:\Users\USER\AppData\Local\Hyper - Browser\Modules\ManXec.dll
2014-07-24 06:05 - 2014-07-24 06:05 - 00039936 _____ () C:\Users\USER\AppData\Local\Hyper - Browser\Modules\PrfIns.dll
2014-07-24 06:05 - 2014-07-24 06:05 - 00047616 _____ () C:\Users\USER\AppData\Local\Hyper - Browser\Modules\WbSes.dll
2014-07-24 06:05 - 2014-07-24 06:05 - 00046592 _____ () C:\Users\USER\AppData\Local\Hyper - Browser\Modules\WdcMan.dll
2014-07-24 06:05 - 2014-07-24 06:05 - 00039424 _____ () C:\Users\USER\AppData\Local\Hyper - Browser\Modules\WblSupp.dll
2014-07-24 06:04 - 2014-07-24 06:04 - 00031744 _____ () C:\Users\USER\AppData\Local\Hyper - Browser\Modules\InSes.dll
2014-08-03 18:11 - 2014-07-21 02:38 - 00393728 _____ () C:\Users\USER\AppData\Local\Hyper - Browser\Chrome-bin\ppGoogleNaClPluginChrome.dll
2014-08-03 18:11 - 2014-07-21 02:38 - 00788480 _____ () C:\Users\USER\AppData\Local\Hyper - Browser\Chrome-bin\ffmpegsumo.dll
2014-08-04 13:13 - 2013-08-13 05:15 - 00206336 _____ () C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{0C5C2799-0346-42E5-A984-5DA6C6FD5742}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
2014-08-03 18:11 - 2013-12-03 19:48 - 13586896 _____ () C:\Users\USER\AppData\Local\Hyper - Browser\Chrome-bin\PepperFlash\pepflashplayer.dll
2012-09-29 17:37 - 2012-01-20 11:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^USER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BambooCore => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: EvolveClient => "C:\Program Files\Echobit\Evolve\EvolveClient.exe" -autorun
MSCONFIG\startupreg: HncUpdate => C:\Program Files (x86)\Hnc\HncUtils\HncChecker.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Power Control [2012/10/01 09:49:42]
Description: Power Control [2012/10/01 09:49:42]
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: {B154377D-700F-42cc-9474-23858FBDF4BD}
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/04/2014 01:18:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (08/04/2014 01:18:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (08/04/2014 01:16:12 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7fd0948e-ef46-4bdb-858b-dc3d509bbe3f}
 
Error: (08/04/2014 01:14:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/03/2014 11:52:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (08/03/2014 11:52:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (08/03/2014 11:47:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/03/2014 11:31:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (08/03/2014 11:31:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (08/03/2014 11:28:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (08/04/2014 01:12:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Power Control [2012/10/01 09:49:42] service failed to start due to the following error: 
%%3
 
Error: (08/04/2014 02:47:05 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (08/03/2014 11:46:10 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%835
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: %%842
 
Error: (08/03/2014 11:46:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Power Control [2012/10/01 09:49:42] service failed to start due to the following error: 
%%3
 
Error: (08/03/2014 11:28:08 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (08/03/2014 11:26:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Power Control [2012/10/01 09:49:42] service failed to start due to the following error: 
%%3
 
Error: (08/03/2014 11:26:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (08/03/2014 11:26:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (08/03/2014 11:25:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (08/03/2014 11:24:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
Microsoft Office Sessions:
=========================
Error: (08/04/2014 01:18:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (08/04/2014 01:18:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (08/04/2014 01:16:12 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7fd0948e-ef46-4bdb-858b-dc3d509bbe3f}
 
Error: (08/04/2014 01:14:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/03/2014 11:52:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (08/03/2014 11:52:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (08/03/2014 11:47:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/03/2014 11:31:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (08/03/2014 11:31:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (08/03/2014 11:28:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-03 23:25:50.022
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-03 23:25:49.980
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 59%
Total physical RAM: 4042.38 MB
Available physical RAM: 1624.18 MB
Total Pagefile: 8082.94 MB
Available Pagefile: 4748.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:2.35 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:465.76 GB) (Free:461.09 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: A021CE18)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 437F4380)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#4
Biscuithd


    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, I see it.

 

Looks fixable, so breathe easy.

 

Give me the evening to work up a fix for you. Worst case, I'll be back in the morning.


  • 0

#5
djmaxaaron


    New Member

  • Topic Starter
  • Member
  • 9 posts

Aha, thanks so much! I'll be waiting then :D


  • 0

#6
Biscuithd


    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hello,

 

I'm going to be very blunt with you. Many of your issues are coming from your use of Peer-to-Peer software. Specifically uTorrent. Below is some information about P2P. I would highly recommend uninstalling uTorrent until we get this issue fixed. In addition to the Chrome issue I see other infections that we will remove in subsequent steps, however, with uTorrent in place, the chance of reinfection is quite high.

 

Peer to Peer Warning

 

Looking through your log, I've also noticed you have uTorrent installed.
GeeksToGo does not recommend using such programs. You should read the description of Peer-to-Peer programs below and decide for yourself.

 

Description of Peer-to-Peer (P2P) software:

P2P (Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and, worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you still need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter

infoworld

My suggestion would be for you to uninstall this:

µTorrent

 

Now for the first fixes.

 

Open Notepad and copy/paste the text in the quotebox below into it:

 

() C:\Users\USER\AppData\Local\Hyper - Browser\Hyper - Browser.exe
(The Chromium Authors) C:\Users\USER\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe
2014-08-03 18:09 - 2014-08-03 18:11 - 00000000 ____D () C:\Users\USER\AppData\Local\Hyper - Browser
2014-08-03 18:09 - 2014-08-03 18:09 - 00004566 _____ () C:\Windows\System32\Tasks\Hyper - Browser Runner
Hyper - Browser (HKLM-x32\...\Hyper - Browser) (Version: 77.0.0.425 - web research foundation) <==== ATTENTION
Task: {19429383-C75F-4257-86A0-4C8CC40EEEBD} - System32\Tasks\Microsoft\Windows\Maintenance\Hyper - Browser Update => %LOCALAPPDATA%\Hyper - Browser\Hyper - Browser.exe <==== ATTENTION
Task: {F8F50C26-6FDE-4494-A9AF-A682029AB312} - System32\Tasks\Hyper - Browser Runner => %LOCALAPPDATA%\Hyper - Browser\Hyper - Browser.exe <==== ATTENTION
HKLM-x32\...\Run: [] => [X]

REBOOT:

 

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0
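A sketch of the triage behind a fixlist like the one above, added here as an example (it is not part of the original posts and not FRST's own logic): it parses the Scheduled Tasks and Loaded Modules sections of the log posted earlier and lists entries that FRST marked ATTENTION, that launch from a user-writable profile path, or that carry an empty publisher field. The heuristics and the function names `parse_task` and `triage` are assumptions of this example; the sample lines are copied from the thread's log.

```python
import re

# Lines copied from the FRST log posted earlier in this thread.
SAMPLE_LOG = r"""
==================== Scheduled Tasks (whitelisted) =============

Task: {19429383-C75F-4257-86A0-4C8CC40EEEBD} - System32\Tasks\Microsoft\Windows\Maintenance\Hyper - Browser Update => %LOCALAPPDATA%\Hyper - Browser\Hyper - Browser.exe <==== ATTENTION
Task: {3217F71E-3FBA-451E-9CD1-C6CE5BF80A98} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {7F80011B-E575-4F53-A08B-217FB981C644} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-06-04] ()
Task: {F8F50C26-6FDE-4494-A9AF-A682029AB312} - System32\Tasks\Hyper - Browser Runner => %LOCALAPPDATA%\Hyper - Browser\Hyper - Browser.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-23 16:07 - 2012-12-11 13:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2014-07-24 06:05 - 2014-07-24 06:05 - 00099840 _____ () C:\Users\USER\AppData\Local\Hyper - Browser\Hyper - Browser.exe
2014-07-24 06:05 - 2014-07-24 06:05 - 00060416 _____ () C:\Users\USER\AppData\Local\Hyper - Browser\Modules\ManXec.dll
2014-08-04 13:13 - 2013-08-13 05:15 - 00206336 _____ () C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{0C5C2799-0346-42E5-A984-5DA6C6FD5742}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
"""

SECTION = re.compile(r"^=+ (.+?) =+$")
# Trailing "[file date] (publisher)" that FRST prints when it found the file.
DATE_COMPANY = re.compile(r" \[(\d{4}-\d{2}-\d{2})\] \(([^)]*)\)$")
# Loaded Modules line: created - modified - size attributes (publisher) path
MODULE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d+ \S+ \(([^)]*)\) (.+)$"
)
# Assumption of this example: locations a standard user can write to.
USER_WRITABLE = re.compile(
    r"%(LOCALAPPDATA|APPDATA|TEMP)%|\\Users\\[^\\]+\\AppData\\", re.IGNORECASE
)
ATTENTION = "<==== ATTENTION"


def parse_task(line):
    """Split one 'Task:' line into name, target, publisher and FRST's own flag."""
    name, _, rest = line[len("Task: "):].partition(" => ")
    rest = rest.rstrip()
    flagged = rest.endswith(ATTENTION)
    if flagged:
        rest = rest[: -len(ATTENTION)].rstrip()
    m = DATE_COMPANY.search(rest)
    target = rest[: m.start()] if m else rest
    publisher = m.group(2) if m else None  # None: no file details were printed
    return {"name": name, "target": target, "publisher": publisher, "flagged": flagged}


def triage(log_text):
    """Return (kind, path, reasons) tuples for entries worth a closer look."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
        elif section.startswith("Scheduled Tasks") and line.startswith("Task: "):
            task = parse_task(line)
            reasons = []
            if task["flagged"]:
                reasons.append("marked ATTENTION by FRST")
            if USER_WRITABLE.search(task["target"]):
                reasons.append("runs from a user-writable path")
            if task["publisher"] == "":
                reasons.append("no publisher recorded for the file")
            if reasons:
                findings.append(("task", task["target"], reasons))
        elif section.startswith("Loaded Modules"):
            m = MODULE.match(line)
            # Every module in this section has an empty publisher, so only
            # the location is used as a signal here.
            if m and USER_WRITABLE.search(m.group(2)):
                findings.append(("module", m.group(2), ["loaded from a user-writable path"]))
    return findings


if __name__ == "__main__":
    for kind, path, reasons in triage(SAMPLE_LOG):
        print(f"{kind:6} {path}\n       -> {'; '.join(reasons)}")
```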

#7
djmaxaaron


    New Member

  • Topic Starter
  • Member
  • 9 posts

FRST log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-08-2014
Ran by USER at 2014-08-05 12:40:17 Run:1
Running from C:\Users\USER\Desktop\frst
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
() C:\Users\USER\AppData\Local\Hyper - Browser\Hyper - Browser.exe
(The Chromium Authors) C:\Users\USER\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe
2014-08-03 18:09 - 2014-08-03 18:11 - 00000000 ____D () C:\Users\USER\AppData\Local\Hyper - Browser
2014-08-03 18:09 - 2014-08-03 18:09 - 00004566 _____ () C:\Windows\System32\Tasks\Hyper - Browser Runner
Hyper - Browser (HKLM-x32\...\Hyper - Browser) (Version: 77.0.0.425 - web research foundation) <==== ATTENTION
Task: {19429383-C75F-4257-86A0-4C8CC40EEEBD} - System32\Tasks\Microsoft\Windows\Maintenance\Hyper - Browser Update => %LOCALAPPDATA%\Hyper - Browser\Hyper - Browser.exe <==== ATTENTION
Task: {F8F50C26-6FDE-4494-A9AF-A682029AB312} - System32\Tasks\Hyper - Browser Runner => %LOCALAPPDATA%\Hyper - Browser\Hyper - Browser.exe <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
REBOOT:
*****************
 
C:\Users\USER\AppData\Local\Hyper - Browser\Hyper - Browser.exe => No running process found
C:\Users\USER\AppData\Local\Hyper - Browser\Chrome-bin\chrome.exe => No running process found
C:\Users\USER\AppData\Local\Hyper - Browser => Moved successfully.
C:\Windows\System32\Tasks\Hyper - Browser Runner => Moved successfully.
Hyper - Browser (HKLM-x32\...\Hyper - Browser) (Version: 77.0.0.425 - web research foundation) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19429383-C75F-4257-86A0-4C8CC40EEEBD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19429383-C75F-4257-86A0-4C8CC40EEEBD}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\Hyper - Browser Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Hyper - Browser Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F8F50C26-6FDE-4494-A9AF-A682029AB312}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8F50C26-6FDE-4494-A9AF-A682029AB312}" => Key deleted successfully.
C:\Windows\System32\Tasks\Hyper - Browser Runner not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hyper - Browser Runner" => Key deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Adwlog
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1454 octets] - [03/08/2014 19:09:01]
AdwCleaner[R1].txt - [916 octets] - [03/08/2014 19:42:53]
AdwCleaner[R2].txt - [981 octets] - [03/08/2014 21:22:05]
AdwCleaner[R3].txt - [1101 octets] - [03/08/2014 21:23:57]
AdwCleaner[R4].txt - [1213 octets] - [03/08/2014 23:44:58]
AdwCleaner[R5].txt - [1335 octets] - [05/08/2014 12:43:01]
AdwCleaner[S0].txt - [1449 octets] - [03/08/2014 19:09:54]
AdwCleaner[S1].txt - [1041 octets] - [03/08/2014 21:22:42]
AdwCleaner[S2].txt - [1163 octets] - [03/08/2014 21:24:42]
AdwCleaner[S3].txt - [1275 octets] - [03/08/2014 23:45:31]
AdwCleaner[S4].txt - [1257 octets] - [05/08/2014 12:43:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1317 octets] ##########
 
So is everything fixed now? I'm not really sure what just happened.

  • 0

#8
Biscuithd


    Trusted Helper

  • Malware Removal
  • 2,573 posts

It looks better, but not best. I'd like to see another FRST scan. Please run FRST as you did previously and post the logs.

 

How does the machine seem to be running now?


  • 0

#9
djmaxaaron


    New Member

  • Topic Starter
  • Member
  • 9 posts

It feels the same, but also, when running AdwCleaner I thought for sure this would be deleted, but it still remains:

http://imgur.com/O2TV4vs

 

Also, here's the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by USER (administrator) on USER-PC on 05-08-2014 13:11:00
Running from C:\Users\USER\Desktop\frst
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3385489291-3797028483-2866025970-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-02-14] (AMD)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7E30C97B03A0CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {971FC730-55F1-461F-83FD-B3BF5E1F039E} http://192.168.1.68/AVC_AX_742.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B89CE93C-F058-4423-AD4F-B552A5C6E64A}: [NameServer]8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @gomtv.com/gomtvx-plugin -> C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll (Gretech Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-09-29]
 
Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (gomtvx NIE Module) - C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll (Gretech Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-05]
CHR Extension: (Inaba Himeko Theme) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\flooilpmbaknnlpnonlaccahmplanfln [2014-04-26]
CHR Extension: (AdBlock) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-04]
CHR Extension: (Google Wallet) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-07-18] (Echobit LLC)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-08-03] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [614680 2013-09-12] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-07-18] (Echobit, LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD}; \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-05 12:42 - 2014-08-05 12:42 - 01361309 _____ () C:\Users\USER\Downloads\AdwCleaner.exe
2014-08-05 12:38 - 2014-08-05 13:11 - 00000000 ____D () C:\Users\USER\Desktop\frst
2014-08-05 12:37 - 2014-08-05 12:39 - 00000855 _____ () C:\Users\USER\Documents\fixlist.txt
2014-08-04 14:05 - 2014-08-04 14:05 - 02807744 _____ (tuneuppro.com ) C:\Users\USER\Downloads\tupp_04080905180365495.exe
2014-08-04 13:19 - 2014-08-04 13:20 - 00038024 _____ () C:\Users\USER\Downloads\Addition.txt
2014-08-04 13:18 - 2014-08-05 13:11 - 00000000 ____D () C:\FRST
2014-08-04 13:18 - 2014-08-04 13:18 - 00415232 _____ (Farbar) C:\Users\USER\Downloads\FSS.exe
2014-08-04 13:17 - 2014-08-04 13:17 - 01084928 _____ (Farbar) C:\Users\USER\Downloads\FRST.exe
2014-08-04 13:16 - 2014-08-04 13:16 - 00000000 ____D () C:\MATS
2014-08-04 13:14 - 2014-08-04 13:15 - 00347816 _____ (Microsoft Corporation) C:\Users\USER\Downloads\MicrosoftFixit.ProgramInstallUninstall.MATSKB.Run.exe
2014-08-03 23:50 - 2014-08-05 12:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-03 23:50 - 2014-08-03 23:50 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-03 23:50 - 2014-08-03 23:50 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-03 23:50 - 2014-08-03 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-03 23:49 - 2014-08-05 12:44 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-03 23:49 - 2014-08-03 23:49 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-03 23:31 - 2014-08-03 23:31 - 00000000 ___SD () C:\32788R22FWJFW
2014-08-03 23:28 - 2014-08-03 23:28 - 00035524 _____ () C:\ComboFix.txt
2014-08-03 23:26 - 2014-08-05 12:44 - 00000504 _____ () C:\Windows\setupact.log
2014-08-03 23:26 - 2014-08-05 12:43 - 00002184 _____ () C:\Windows\PFRO.log
2014-08-03 23:26 - 2014-08-03 23:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-03 23:20 - 2014-08-03 23:31 - 00000000 ____D () C:\Windows\erdnt
2014-08-03 23:18 - 2014-08-03 23:19 - 05566616 _____ (Swearware) C:\Users\USER\Downloads\ComboFix.exe
2014-08-03 22:16 - 2014-08-03 22:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-03 22:15 - 2014-08-03 22:16 - 02347384 _____ (ESET) C:\Users\USER\Downloads\esetsmartinstaller_enu.exe
2014-08-03 21:44 - 2014-08-03 21:44 - 00000000 ____D () C:\Users\USER\AppData\Local\Chromium
2014-08-03 21:31 - 2014-08-03 21:39 - 00007605 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2014-08-03 21:21 - 2014-08-03 21:21 - 01361309 _____ () C:\Users\USER\Downloads\adwcleaner_3.302.exe
2014-08-03 20:04 - 2014-08-03 20:04 - 00000000 ____D () C:\Users\USER\AppData\Roaming\SYSTEMAX Software Development
2014-08-03 20:04 - 2014-08-03 20:04 - 00000000 ____D () C:\ProgramData\SYSTEMAX Software Development
2014-08-03 20:03 - 2014-08-03 20:03 - 00000000 ____D () C:\Users\USER\Desktop\PaintTool SAI English Pack(2)
2014-08-03 20:01 - 2014-08-03 20:01 - 00000000 __SHD () C:\Users\USER\AppData\Local\EmieUserList
2014-08-03 20:01 - 2014-08-03 20:01 - 00000000 __SHD () C:\Users\USER\AppData\Local\EmieSiteList
2014-08-03 19:25 - 2014-08-03 19:25 - 00000702 _____ () C:\Users\USER\Desktop\JRT.txt
2014-08-03 19:19 - 2014-08-03 19:19 - 01016261 _____ (Thisisu) C:\Users\USER\Downloads\JRT.exe
2014-08-03 19:19 - 2014-08-03 19:19 - 00000000 ____D () C:\Windows\ERUNT
2014-08-03 19:09 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-03 19:08 - 2014-08-05 13:10 - 00000000 ____D () C:\AdwCleaner
2014-08-03 19:08 - 2014-08-03 19:08 - 01361309 _____ () C:\Users\USER\Desktop\AdwCleaner.exe
2014-08-03 19:06 - 2014-08-03 19:07 - 11526415 _____ () C:\Users\USER\Downloads\PaintTool SAI English Pack(2).rar
2014-08-03 18:34 - 2014-08-03 18:34 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-03 18:34 - 2014-08-03 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-03 18:34 - 2014-08-03 18:34 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-03 18:33 - 2014-08-03 18:36 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-03 18:32 - 2014-08-03 18:33 - 11188736 _____ (SurfRight B.V.) C:\Users\USER\Downloads\HitmanPro_x64.exe
2014-08-03 18:10 - 2014-08-03 18:17 - 00000000 ____D () C:\Users\USER\AppData\Local\20464
2014-08-03 18:09 - 2014-08-03 18:36 - 00002294 _____ () C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-03 15:07 - 2014-08-03 15:07 - 00000874 _____ () C:\Windows\SysWOW64\msexcr.ini
2014-08-02 18:00 - 2014-08-02 18:00 - 20163174 _____ () C:\Users\USER\Downloads\Ice.zip
2014-07-22 13:54 - 2014-07-22 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 13:54 - 2014-07-22 13:54 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-18 16:08 - 2014-07-18 16:08 - 00021656 _____ (Echobit, LLC) C:\Windows\system32\Drivers\evolve.sys
2014-07-18 16:08 - 2014-07-18 16:08 - 00002023 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
2014-07-18 16:08 - 2014-07-18 16:08 - 00002011 _____ () C:\Users\Public\Desktop\Evolve.lnk
2014-07-18 16:08 - 2014-07-18 16:08 - 00000000 ____D () C:\Users\USER\AppData\Local\Echobit
2014-07-18 16:08 - 2014-07-18 16:08 - 00000000 ____D () C:\ProgramData\Echobit
2014-07-18 16:08 - 2014-07-18 16:08 - 00000000 ____D () C:\Program Files\Echobit
2014-07-18 16:07 - 2014-07-18 16:08 - 03258328 _____ (Echobit LLC) C:\Users\USER\Downloads\EvolveSetup.exe
2014-07-18 16:03 - 2014-07-18 16:03 - 00000222 _____ () C:\Users\USER\Desktop\Unturned.url
2014-07-17 22:23 - 2014-07-17 22:23 - 174178700 _____ () C:\Users\USER\Downloads\ZTST.zip
2014-07-16 13:08 - 2014-07-16 13:08 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-15 20:35 - 2014-07-15 20:35 - 00001111 _____ () C:\Users\USER\Desktop\Katawa Shoujo.lnk
2014-07-15 20:35 - 2014-07-15 20:35 - 00000000 ____D () C:\Users\USER\AppData\Roaming\RenPy
2014-07-15 20:34 - 2014-07-15 20:35 - 00000000 ____D () C:\Program Files (x86)\Katawa Shoujo
2014-07-15 20:32 - 2014-07-15 20:34 - 444251517 _____ () C:\Users\USER\Downloads\[4ls]_katawa_shoujo_1.1-[windows][8AACDD32].exe
2014-07-15 03:41 - 2014-08-04 00:11 - 00000000 ____D () C:\Users\USER\Desktop\cowboy bebop 9
2014-07-13 01:09 - 2014-08-05 03:51 - 00001237 _____ () C:\Users\USER\Desktop\manga.txt
2014-07-11 16:32 - 2014-07-11 16:32 - 00000219 _____ () C:\Users\USER\Desktop\Counter-Strike Global Offensive.url
2014-07-11 03:39 - 2014-07-11 03:39 - 27060196 _____ () C:\Users\USER\Downloads\No Game No Life.zip
2014-07-11 03:37 - 2014-07-11 03:37 - 26507407 _____ () C:\Users\USER\Downloads\Nisekoi.zip
2014-07-08 13:22 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 13:22 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 13:22 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 13:22 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 13:22 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 13:22 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 13:22 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 13:22 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 13:22 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 13:22 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 13:22 - 2014-06-18 17:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 13:22 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 13:22 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 13:22 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 13:22 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 13:22 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 13:22 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 13:22 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 13:22 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 13:22 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 13:22 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 13:22 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 13:22 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 13:22 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 13:22 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 13:22 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 13:22 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 13:22 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 13:22 - 2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 13:22 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 13:22 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 13:22 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 13:22 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 13:22 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 13:22 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 13:22 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 13:22 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 13:22 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 13:22 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 13:22 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 13:22 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 13:22 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 13:22 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 13:22 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 13:22 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 13:22 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 13:22 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 13:22 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 13:22 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 13:22 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 13:22 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 13:22 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 13:22 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 13:22 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 13:22 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 13:22 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 13:22 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 13:22 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 13:22 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 13:22 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 13:22 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 13:22 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 13:22 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 13:22 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 13:22 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 13:22 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 13:22 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 13:22 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 13:22 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 13:22 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 13:22 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 13:22 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 13:22 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 13:22 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 13:22 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 13:22 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 13:21 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 13:21 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 13:21 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-05 13:11 - 2014-08-05 12:38 - 00000000 ____D () C:\Users\USER\Desktop\frst
2014-08-05 13:11 - 2014-08-04 13:18 - 00000000 ____D () C:\FRST
2014-08-05 13:10 - 2014-08-03 19:08 - 00000000 ____D () C:\AdwCleaner
2014-08-05 12:56 - 2014-08-03 23:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-05 12:52 - 2012-09-29 18:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-05 12:49 - 2009-07-13 21:45 - 00028128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-05 12:49 - 2009-07-13 21:45 - 00028128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-05 12:48 - 2009-07-13 22:13 - 00006742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-05 12:47 - 2013-11-28 11:02 - 01857342 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 12:45 - 2013-11-16 23:24 - 00000000 ____D () C:\Users\USER\AppData\Local\LogMeIn Hamachi
2014-08-05 12:44 - 2014-08-03 23:49 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-05 12:44 - 2014-08-03 23:26 - 00000504 _____ () C:\Windows\setupact.log
2014-08-05 12:44 - 2012-10-01 09:37 - 00003484 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-08-05 12:44 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-05 12:43 - 2014-08-03 23:26 - 00002184 _____ () C:\Windows\PFRO.log
2014-08-05 12:42 - 2014-08-05 12:42 - 01361309 _____ () C:\Users\USER\Downloads\AdwCleaner.exe
2014-08-05 12:39 - 2014-08-05 12:37 - 00000855 _____ () C:\Users\USER\Documents\fixlist.txt
2014-08-05 12:37 - 2013-11-16 23:15 - 00000000 ____D () C:\Users\USER\AppData\Roaming\uTorrent
2014-08-05 03:51 - 2014-07-13 01:09 - 00001237 _____ () C:\Users\USER\Desktop\manga.txt
2014-08-05 03:28 - 2014-05-24 10:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 18:56 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\addins
2014-08-04 16:19 - 2013-06-24 18:48 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-08-04 14:05 - 2014-08-04 14:05 - 02807744 _____ (tuneuppro.com ) C:\Users\USER\Downloads\tupp_04080905180365495.exe
2014-08-04 13:20 - 2014-08-04 13:19 - 00038024 _____ () C:\Users\USER\Downloads\Addition.txt
2014-08-04 13:18 - 2014-08-04 13:18 - 00415232 _____ (Farbar) C:\Users\USER\Downloads\FSS.exe
2014-08-04 13:17 - 2014-08-04 13:17 - 01084928 _____ (Farbar) C:\Users\USER\Downloads\FRST.exe
2014-08-04 13:16 - 2014-08-04 13:16 - 00000000 ____D () C:\MATS
2014-08-04 13:15 - 2014-08-04 13:14 - 00347816 _____ (Microsoft Corporation) C:\Users\USER\Downloads\MicrosoftFixit.ProgramInstallUninstall.MATSKB.Run.exe
2014-08-04 00:11 - 2014-07-15 03:41 - 00000000 ____D () C:\Users\USER\Desktop\cowboy bebop 9
2014-08-03 23:50 - 2014-08-03 23:50 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-03 23:50 - 2014-08-03 23:50 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-03 23:50 - 2014-08-03 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-03 23:50 - 2013-06-04 22:23 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-03 23:49 - 2014-08-03 23:49 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-03 23:49 - 2013-06-04 22:23 - 00000000 ____D () C:\Users\USER\AppData\Local\Deployment
2014-08-03 23:49 - 2013-06-04 22:23 - 00000000 ____D () C:\Users\USER\AppData\Local\Apps\2.0
2014-08-03 23:31 - 2014-08-03 23:31 - 00000000 ___SD () C:\32788R22FWJFW
2014-08-03 23:31 - 2014-08-03 23:20 - 00000000 ____D () C:\Windows\erdnt
2014-08-03 23:28 - 2014-08-03 23:28 - 00035524 _____ () C:\ComboFix.txt
2014-08-03 23:28 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-08-03 23:27 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-03 23:26 - 2014-08-03 23:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-03 23:26 - 2009-07-13 19:34 - 78381056 _____ () C:\Windows\system32\config\software.bak
2014-08-03 23:26 - 2009-07-13 19:34 - 18874368 _____ () C:\Windows\system32\config\system.bak
2014-08-03 23:26 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-08-03 23:26 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-08-03 23:26 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-08-03 23:19 - 2014-08-03 23:18 - 05566616 _____ (Swearware) C:\Users\USER\Downloads\ComboFix.exe
2014-08-03 22:16 - 2014-08-03 22:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-03 22:16 - 2014-08-03 22:15 - 02347384 _____ (ESET) C:\Users\USER\Downloads\esetsmartinstaller_enu.exe
2014-08-03 21:44 - 2014-08-03 21:44 - 00000000 ____D () C:\Users\USER\AppData\Local\Chromium
2014-08-03 21:39 - 2014-08-03 21:31 - 00007605 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2014-08-03 21:21 - 2014-08-03 21:21 - 01361309 _____ () C:\Users\USER\Downloads\adwcleaner_3.302.exe
2014-08-03 20:09 - 2013-10-29 16:48 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Skype
2014-08-03 20:04 - 2014-08-03 20:04 - 00000000 ____D () C:\Users\USER\AppData\Roaming\SYSTEMAX Software Development
2014-08-03 20:04 - 2014-08-03 20:04 - 00000000 ____D () C:\ProgramData\SYSTEMAX Software Development
2014-08-03 20:03 - 2014-08-03 20:03 - 00000000 ____D () C:\Users\USER\Desktop\PaintTool SAI English Pack(2)
2014-08-03 20:01 - 2014-08-03 20:01 - 00000000 __SHD () C:\Users\USER\AppData\Local\EmieUserList
2014-08-03 20:01 - 2014-08-03 20:01 - 00000000 __SHD () C:\Users\USER\AppData\Local\EmieSiteList
2014-08-03 19:36 - 2009-07-13 22:08 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-03 19:25 - 2014-08-03 19:25 - 00000702 _____ () C:\Users\USER\Desktop\JRT.txt
2014-08-03 19:19 - 2014-08-03 19:19 - 01016261 _____ (Thisisu) C:\Users\USER\Downloads\JRT.exe
2014-08-03 19:19 - 2014-08-03 19:19 - 00000000 ____D () C:\Windows\ERUNT
2014-08-03 19:14 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-03 19:13 - 2013-11-16 23:24 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-08-03 19:08 - 2014-08-03 19:08 - 01361309 _____ () C:\Users\USER\Desktop\AdwCleaner.exe
2014-08-03 19:07 - 2014-08-03 19:06 - 11526415 _____ () C:\Users\USER\Downloads\PaintTool SAI English Pack(2).rar
2014-08-03 18:44 - 2012-09-29 18:23 - 00000000 ____D () C:\Program Files (x86)\GNU
2014-08-03 18:36 - 2014-08-03 18:33 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-03 18:36 - 2014-08-03 18:09 - 00002294 _____ () C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-03 18:34 - 2014-08-03 18:34 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-03 18:34 - 2014-08-03 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-03 18:34 - 2014-08-03 18:34 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-03 18:33 - 2014-08-03 18:32 - 11188736 _____ (SurfRight B.V.) C:\Users\USER\Downloads\HitmanPro_x64.exe
2014-08-03 18:31 - 2013-06-10 19:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-03 18:18 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\Performance
2014-08-03 18:17 - 2014-08-03 18:10 - 00000000 ____D () C:\Users\USER\AppData\Local\20464
2014-08-03 15:07 - 2014-08-03 15:07 - 00000874 _____ () C:\Windows\SysWOW64\msexcr.ini
2014-08-02 18:01 - 2013-08-30 19:35 - 00000000 ____D () C:\Users\USER\Desktop\poster
2014-08-02 18:00 - 2014-08-02 18:00 - 20163174 _____ () C:\Users\USER\Downloads\Ice.zip
2014-08-02 01:11 - 2013-06-05 15:37 - 00000000 ___RD () C:\Users\USER\Desktop\folder
2014-07-30 03:17 - 2013-10-22 23:02 - 00000000 ____D () C:\Users\USER\Desktop\920
2014-07-23 18:11 - 2012-09-29 18:07 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-23 18:11 - 2012-09-29 18:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-23 16:17 - 2012-09-29 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-22 13:54 - 2014-07-22 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 13:54 - 2014-07-22 13:54 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-22 13:54 - 2013-12-16 22:32 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-07-22 01:43 - 2014-03-10 16:01 - 00000136 _____ () C:\Users\USER\Desktop\art.txt
2014-07-21 15:56 - 2014-02-15 16:34 - 00000000 ____D () C:\Users\USER\Desktop\zankyou
2014-07-18 16:08 - 2014-07-18 16:08 - 00021656 _____ (Echobit, LLC) C:\Windows\system32\Drivers\evolve.sys
2014-07-18 16:08 - 2014-07-18 16:08 - 00002023 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
2014-07-18 16:08 - 2014-07-18 16:08 - 00002011 _____ () C:\Users\Public\Desktop\Evolve.lnk
2014-07-18 16:08 - 2014-07-18 16:08 - 00000000 ____D () C:\Users\USER\AppData\Local\Echobit
2014-07-18 16:08 - 2014-07-18 16:08 - 00000000 ____D () C:\ProgramData\Echobit
2014-07-18 16:08 - 2014-07-18 16:08 - 00000000 ____D () C:\Program Files\Echobit
2014-07-18 16:08 - 2014-07-18 16:07 - 03258328 _____ (Echobit LLC) C:\Users\USER\Downloads\EvolveSetup.exe
2014-07-18 16:06 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-18 16:03 - 2014-07-18 16:03 - 00000222 _____ () C:\Users\USER\Desktop\Unturned.url
2014-07-18 14:18 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-07-17 22:24 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-07-17 22:23 - 2014-07-17 22:23 - 174178700 _____ () C:\Users\USER\Downloads\ZTST.zip
2014-07-16 13:08 - 2014-07-16 13:08 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-15 20:35 - 2014-07-15 20:35 - 00001111 _____ () C:\Users\USER\Desktop\Katawa Shoujo.lnk
2014-07-15 20:35 - 2014-07-15 20:35 - 00000000 ____D () C:\Users\USER\AppData\Roaming\RenPy
2014-07-15 20:35 - 2014-07-15 20:34 - 00000000 ____D () C:\Program Files (x86)\Katawa Shoujo
2014-07-15 20:34 - 2014-07-15 20:32 - 444251517 _____ () C:\Users\USER\Downloads\[4ls]_katawa_shoujo_1.1-[windows][8AACDD32].exe
2014-07-13 17:19 - 2014-03-16 22:19 - 00000000 ____D () C:\Users\USER\Desktop\pzinndix
2014-07-12 14:42 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-07-11 16:32 - 2014-07-11 16:32 - 00000219 _____ () C:\Users\USER\Desktop\Counter-Strike Global Offensive.url
2014-07-11 16:32 - 2013-06-10 19:19 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-11 16:18 - 2014-04-20 01:37 - 00000000 ____D () C:\Users\USER\Desktop\kimi n oknife 28
2014-07-11 16:18 - 2014-01-06 13:19 - 00000000 ___RD () C:\Users\USER\Desktop\wallpapers
2014-07-11 03:39 - 2014-07-11 03:39 - 27060196 _____ () C:\Users\USER\Downloads\No Game No Life.zip
2014-07-11 03:37 - 2014-07-11 03:37 - 26507407 _____ () C:\Users\USER\Downloads\Nisekoi.zip
2014-07-11 03:37 - 2014-05-10 21:49 - 00000000 ____D () C:\Users\USER\Desktop\Other wallpapers
2014-07-09 09:52 - 2012-09-29 18:07 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 09:52 - 2012-09-29 18:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 09:52 - 2012-09-29 18:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 18:45 - 2009-07-13 21:45 - 05267168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-08 18:44 - 2011-04-12 01:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-08 18:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-08 18:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-08 16:23 - 2014-05-22 12:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-08 16:22 - 2012-10-01 10:58 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 16:22 - 2012-10-01 09:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
 
Files to move or delete:
====================
C:\Users\USER\jagex_cl_runescape_LIVE.dat
C:\Users\USER\jagex_cl_runescape_LIVE1.dat
C:\Users\USER\random.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-31 21:55
 
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by USER (administrator) on USER-PC on 05-08-2014 13:11:00
Running from C:\Users\USER\Desktop\frst
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3385489291-3797028483-2866025970-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-02-14] (AMD)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7E30C97B03A0CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {971FC730-55F1-461F-83FD-B3BF5E1F039E} http://192.168.1.68/AVC_AX_742.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B89CE93C-F058-4423-AD4F-B552A5C6E64A}: [NameServer]8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @gomtv.com/gomtvx-plugin -> C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll (Gretech Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-09-29]
 
Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (gomtvx NIE Module) - C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll (Gretech Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-05]
CHR Extension: (Inaba Himeko Theme) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\flooilpmbaknnlpnonlaccahmplanfln [2014-04-26]
CHR Extension: (AdBlock) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-04]
CHR Extension: (Google Wallet) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-07-18] (Echobit LLC)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-08-03] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [614680 2013-09-12] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-07-18] (Echobit, LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD}; \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-05 12:42 - 2014-08-05 12:42 - 01361309 _____ () C:\Users\USER\Downloads\AdwCleaner.exe
2014-08-05 12:38 - 2014-08-05 13:11 - 00000000 ____D () C:\Users\USER\Desktop\frst
2014-08-05 12:37 - 2014-08-05 12:39 - 00000855 _____ () C:\Users\USER\Documents\fixlist.txt
2014-08-04 14:05 - 2014-08-04 14:05 - 02807744 _____ (tuneuppro.com ) C:\Users\USER\Downloads\tupp_04080905180365495.exe
2014-08-04 13:19 - 2014-08-04 13:20 - 00038024 _____ () C:\Users\USER\Downloads\Addition.txt
2014-08-04 13:18 - 2014-08-05 13:11 - 00000000 ____D () C:\FRST
2014-08-04 13:18 - 2014-08-04 13:18 - 00415232 _____ (Farbar) C:\Users\USER\Downloads\FSS.exe
2014-08-04 13:17 - 2014-08-04 13:17 - 01084928 _____ (Farbar) C:\Users\USER\Downloads\FRST.exe
2014-08-04 13:16 - 2014-08-04 13:16 - 00000000 ____D () C:\MATS
2014-08-04 13:14 - 2014-08-04 13:15 - 00347816 _____ (Microsoft Corporation) C:\Users\USER\Downloads\MicrosoftFixit.ProgramInstallUninstall.MATSKB.Run.exe
2014-08-03 23:50 - 2014-08-05 12:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-03 23:50 - 2014-08-03 23:50 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-03 23:50 - 2014-08-03 23:50 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-03 23:50 - 2014-08-03 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-03 23:49 - 2014-08-05 12:44 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-03 23:49 - 2014-08-03 23:49 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-03 23:31 - 2014-08-03 23:31 - 00000000 ___SD () C:\32788R22FWJFW
2014-08-03 23:28 - 2014-08-03 23:28 - 00035524 _____ () C:\ComboFix.txt
2014-08-03 23:26 - 2014-08-05 12:44 - 00000504 _____ () C:\Windows\setupact.log
2014-08-03 23:26 - 2014-08-05 12:43 - 00002184 _____ () C:\Windows\PFRO.log
2014-08-03 23:26 - 2014-08-03 23:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-03 23:20 - 2014-08-03 23:31 - 00000000 ____D () C:\Windows\erdnt
2014-08-03 23:18 - 2014-08-03 23:19 - 05566616 _____ (Swearware) C:\Users\USER\Downloads\ComboFix.exe
2014-08-03 22:16 - 2014-08-03 22:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-03 22:15 - 2014-08-03 22:16 - 02347384 _____ (ESET) C:\Users\USER\Downloads\esetsmartinstaller_enu.exe
2014-08-03 21:44 - 2014-08-03 21:44 - 00000000 ____D () C:\Users\USER\AppData\Local\Chromium
2014-08-03 21:31 - 2014-08-03 21:39 - 00007605 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2014-08-03 21:21 - 2014-08-03 21:21 - 01361309 _____ () C:\Users\USER\Downloads\adwcleaner_3.302.exe
2014-08-03 20:04 - 2014-08-03 20:04 - 00000000 ____D () C:\Users\USER\AppData\Roaming\SYSTEMAX Software Development
2014-08-03 20:04 - 2014-08-03 20:04 - 00000000 ____D () C:\ProgramData\SYSTEMAX Software Development
2014-08-03 20:03 - 2014-08-03 20:03 - 00000000 ____D () C:\Users\USER\Desktop\PaintTool SAI English Pack(2)
2014-08-03 20:01 - 2014-08-03 20:01 - 00000000 __SHD () C:\Users\USER\AppData\Local\EmieUserList
2014-08-03 20:01 - 2014-08-03 20:01 - 00000000 __SHD () C:\Users\USER\AppData\Local\EmieSiteList
2014-08-03 19:25 - 2014-08-03 19:25 - 00000702 _____ () C:\Users\USER\Desktop\JRT.txt
2014-08-03 19:19 - 2014-08-03 19:19 - 01016261 _____ (Thisisu) C:\Users\USER\Downloads\JRT.exe
2014-08-03 19:19 - 2014-08-03 19:19 - 00000000 ____D () C:\Windows\ERUNT
2014-08-03 19:09 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-03 19:08 - 2014-08-05 13:10 - 00000000 ____D () C:\AdwCleaner
2014-08-03 19:08 - 2014-08-03 19:08 - 01361309 _____ () C:\Users\USER\Desktop\AdwCleaner.exe
2014-08-03 19:06 - 2014-08-03 19:07 - 11526415 _____ () C:\Users\USER\Downloads\PaintTool SAI English Pack(2).rar
2014-08-03 18:34 - 2014-08-03 18:34 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-03 18:34 - 2014-08-03 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-03 18:34 - 2014-08-03 18:34 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-03 18:33 - 2014-08-03 18:36 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-03 18:32 - 2014-08-03 18:33 - 11188736 _____ (SurfRight B.V.) C:\Users\USER\Downloads\HitmanPro_x64.exe
2014-08-03 18:10 - 2014-08-03 18:17 - 00000000 ____D () C:\Users\USER\AppData\Local\20464
2014-08-03 18:09 - 2014-08-03 18:36 - 00002294 _____ () C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-03 15:07 - 2014-08-03 15:07 - 00000874 _____ () C:\Windows\SysWOW64\msexcr.ini
2014-08-02 18:00 - 2014-08-02 18:00 - 20163174 _____ () C:\Users\USER\Downloads\Ice.zip
2014-07-22 13:54 - 2014-07-22 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 13:54 - 2014-07-22 13:54 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-18 16:08 - 2014-07-18 16:08 - 00021656 _____ (Echobit, LLC) C:\Windows\system32\Drivers\evolve.sys
2014-07-18 16:08 - 2014-07-18 16:08 - 00002023 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
2014-07-18 16:08 - 2014-07-18 16:08 - 00002011 _____ () C:\Users\Public\Desktop\Evolve.lnk
2014-07-18 16:08 - 2014-07-18 16:08 - 00000000 ____D () C:\Users\USER\AppData\Local\Echobit
2014-07-18 16:08 - 2014-07-18 16:08 - 00000000 ____D () C:\ProgramData\Echobit
2014-07-18 16:08 - 2014-07-18 16:08 - 00000000 ____D () C:\Program Files\Echobit
2014-07-18 16:07 - 2014-07-18 16:08 - 03258328 _____ (Echobit LLC) C:\Users\USER\Downloads\EvolveSetup.exe
2014-07-18 16:03 - 2014-07-18 16:03 - 00000222 _____ () C:\Users\USER\Desktop\Unturned.url
2014-07-17 22:23 - 2014-07-17 22:23 - 174178700 _____ () C:\Users\USER\Downloads\ZTST.zip
2014-07-16 13:08 - 2014-07-16 13:08 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-15 20:35 - 2014-07-15 20:35 - 00001111 _____ () C:\Users\USER\Desktop\Katawa Shoujo.lnk
2014-07-15 20:35 - 2014-07-15 20:35 - 00000000 ____D () C:\Users\USER\AppData\Roaming\RenPy
2014-07-15 20:34 - 2014-07-15 20:35 - 00000000 ____D () C:\Program Files (x86)\Katawa Shoujo
2014-07-15 20:32 - 2014-07-15 20:34 - 444251517 _____ () C:\Users\USER\Downloads\[4ls]_katawa_shoujo_1.1-[windows][8AACDD32].exe
2014-07-15 03:41 - 2014-08-04 00:11 - 00000000 ____D () C:\Users\USER\Desktop\cowboy bebop 9
2014-07-13 01:09 - 2014-08-05 03:51 - 00001237 _____ () C:\Users\USER\Desktop\manga.txt
2014-07-11 16:32 - 2014-07-11 16:32 - 00000219 _____ () C:\Users\USER\Desktop\Counter-Strike Global Offensive.url
2014-07-11 03:39 - 2014-07-11 03:39 - 27060196 _____ () C:\Users\USER\Downloads\No Game No Life.zip
2014-07-11 03:37 - 2014-07-11 03:37 - 26507407 _____ () C:\Users\USER\Downloads\Nisekoi.zip
2014-07-08 13:22 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 13:22 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 13:22 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 13:22 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 13:22 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 13:22 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 13:22 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 13:22 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 13:22 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 13:22 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 13:22 - 2014-06-18 17:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 13:22 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 13:22 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 13:22 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 13:22 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 13:22 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 13:22 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 13:22 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 13:22 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 13:22 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 13:22 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 13:22 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 13:22 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 13:22 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 13:22 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 13:22 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 13:22 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 13:22 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 13:22 - 2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 13:22 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 13:22 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 13:22 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 13:22 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 13:22 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 13:22 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 13:22 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 13:22 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 13:22 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 13:22 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 13:22 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 13:22 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 13:22 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 13:22 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 13:22 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 13:22 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 13:22 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 13:22 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 13:22 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 13:22 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 13:22 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 13:22 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 13:22 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 13:22 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 13:22 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 13:22 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 13:22 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 13:22 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 13:22 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 13:22 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 13:22 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 13:22 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 13:22 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 13:22 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 13:22 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 13:22 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 13:22 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 13:22 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 13:22 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 13:22 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 13:22 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 13:22 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 13:22 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 13:22 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 13:22 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 13:22 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 13:22 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 13:21 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 13:21 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 13:21 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-05 13:11 - 2014-08-05 12:38 - 00000000 ____D () C:\Users\USER\Desktop\frst
2014-08-05 13:11 - 2014-08-04 13:18 - 00000000 ____D () C:\FRST
2014-08-05 13:10 - 2014-08-03 19:08 - 00000000 ____D () C:\AdwCleaner
2014-08-05 12:56 - 2014-08-03 23:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-05 12:52 - 2012-09-29 18:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-05 12:49 - 2009-07-13 21:45 - 00028128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-05 12:49 - 2009-07-13 21:45 - 00028128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-05 12:48 - 2009-07-13 22:13 - 00006742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-05 12:47 - 2013-11-28 11:02 - 01857342 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 12:45 - 2013-11-16 23:24 - 00000000 ____D () C:\Users\USER\AppData\Local\LogMeIn Hamachi
2014-08-05 12:44 - 2014-08-03 23:49 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-05 12:44 - 2014-08-03 23:26 - 00000504 _____ () C:\Windows\setupact.log
2014-08-05 12:44 - 2012-10-01 09:37 - 00003484 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-08-05 12:44 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-05 12:43 - 2014-08-03 23:26 - 00002184 _____ () C:\Windows\PFRO.log
2014-08-05 12:42 - 2014-08-05 12:42 - 01361309 _____ () C:\Users\USER\Downloads\AdwCleaner.exe
2014-08-05 12:39 - 2014-08-05 12:37 - 00000855 _____ () C:\Users\USER\Documents\fixlist.txt
2014-08-05 12:37 - 2013-11-16 23:15 - 00000000 ____D () C:\Users\USER\AppData\Roaming\uTorrent
2014-08-05 03:51 - 2014-07-13 01:09 - 00001237 _____ () C:\Users\USER\Desktop\manga.txt
2014-08-05 03:28 - 2014-05-24 10:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 18:56 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\addins
2014-08-04 16:19 - 2013-06-24 18:48 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-08-04 14:05 - 2014-08-04 14:05 - 02807744 _____ (tuneuppro.com ) C:\Users\USER\Downloads\tupp_04080905180365495.exe
2014-08-04 13:20 - 2014-08-04 13:19 - 00038024 _____ () C:\Users\USER\Downloads\Addition.txt
2014-08-04 13:18 - 2014-08-04 13:18 - 00415232 _____ (Farbar) C:\Users\USER\Downloads\FSS.exe
2014-08-04 13:17 - 2014-08-04 13:17 - 01084928 _____ (Farbar) C:\Users\USER\Downloads\FRST.exe
2014-08-04 13:16 - 2014-08-04 13:16 - 00000000 ____D () C:\MATS
2014-08-04 13:15 - 2014-08-04 13:14 - 00347816 _____ (Microsoft Corporation) C:\Users\USER\Downloads\MicrosoftFixit.ProgramInstallUninstall.MATSKB.Run.exe
2014-08-04 00:11 - 2014-07-15 03:41 - 00000000 ____D () C:\Users\USER\Desktop\cowboy bebop 9
2014-08-03 23:50 - 2014-08-03 23:50 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-03 23:50 - 2014-08-03 23:50 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-03 23:50 - 2014-08-03 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-03 23:50 - 2013-06-04 22:23 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-03 23:49 - 2014-08-03 23:49 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-03 23:49 - 2013-06-04 22:23 - 00000000 ____D () C:\Users\USER\AppData\Local\Deployment
2014-08-03 23:49 - 2013-06-04 22:23 - 00000000 ____D () C:\Users\USER\AppData\Local\Apps\2.0
2014-08-03 23:31 - 2014-08-03 23:31 - 00000000 ___SD () C:\32788R22FWJFW
2014-08-03 23:31 - 2014-08-03 23:20 - 00000000 ____D () C:\Windows\erdnt
2014-08-03 23:28 - 2014-08-03 23:28 - 00035524 _____ () C:\ComboFix.txt
2014-08-03 23:28 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-08-03 23:27 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-03 23:26 - 2014-08-03 23:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-03 23:26 - 2009-07-13 19:34 - 78381056 _____ () C:\Windows\system32\config\software.bak
2014-08-03 23:26 - 2009-07-13 19:34 - 18874368 _____ () C:\Windows\system32\config\system.bak
2014-08-03 23:26 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-08-03 23:26 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-08-03 23:26 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-08-03 23:19 - 2014-08-03 23:18 - 05566616 _____ (Swearware) C:\Users\USER\Downloads\ComboFix.exe
2014-08-03 22:16 - 2014-08-03 22:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-03 22:16 - 2014-08-03 22:15 - 02347384 _____ (ESET) C:\Users\USER\Downloads\esetsmartinstaller_enu.exe
2014-08-03 21:44 - 2014-08-03 21:44 - 00000000 ____D () C:\Users\USER\AppData\Local\Chromium
2014-08-03 21:39 - 2014-08-03 21:31 - 00007605 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2014-08-03 21:21 - 2014-08-03 21:21 - 01361309 _____ () C:\Users\USER\Downloads\adwcleaner_3.302.exe
2014-08-03 20:09 - 2013-10-29 16:48 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Skype
2014-08-03 20:04 - 2014-08-03 20:04 - 00000000 ____D () C:\Users\USER\AppData\Roaming\SYSTEMAX Software Development
2014-08-03 20:04 - 2014-08-03 20:04 - 00000000 ____D () C:\ProgramData\SYSTEMAX Software Development
2014-08-03 20:03 - 2014-08-03 20:03 - 00000000 ____D () C:\Users\USER\Desktop\PaintTool SAI English Pack(2)
2014-08-03 20:01 - 2014-08-03 20:01 - 00000000 __SHD () C:\Users\USER\AppData\Local\EmieUserList
2014-08-03 20:01 - 2014-08-03 20:01 - 00000000 __SHD () C:\Users\USER\AppData\Local\EmieSiteList
2014-08-03 19:36 - 2009-07-13 22:08 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-03 19:25 - 2014-08-03 19:25 - 00000702 _____ () C:\Users\USER\Desktop\JRT.txt
2014-08-03 19:19 - 2014-08-03 19:19 - 01016261 _____ (Thisisu) C:\Users\USER\Downloads\JRT.exe
2014-08-03 19:19 - 2014-08-03 19:19 - 00000000 ____D () C:\Windows\ERUNT
2014-08-03 19:14 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-03 19:13 - 2013-11-16 23:24 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-08-03 19:08 - 2014-08-03 19:08 - 01361309 _____ () C:\Users\USER\Desktop\AdwCleaner.exe
2014-08-03 19:07 - 2014-08-03 19:06 - 11526415 _____ () C:\Users\USER\Downloads\PaintTool SAI English Pack(2).rar
2014-08-03 18:44 - 2012-09-29 18:23 - 00000000 ____D () C:\Program Files (x86)\GNU
2014-08-03 18:36 - 2014-08-03 18:33 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-03 18:36 - 2014-08-03 18:09 - 00002294 _____ () C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-03 18:34 - 2014-08-03 18:34 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-03 18:34 - 2014-08-03 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-03 18:34 - 2014-08-03 18:34 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-03 18:33 - 2014-08-03 18:32 - 11188736 _____ (SurfRight B.V.) C:\Users\USER\Downloads\HitmanPro_x64.exe
2014-08-03 18:31 - 2013-06-10 19:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-03 18:18 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\Performance
2014-08-03 18:17 - 2014-08-03 18:10 - 00000000 ____D () C:\Users\USER\AppData\Local\20464
2014-08-03 15:07 - 2014-08-03 15:07 - 00000874 _____ () C:\Windows\SysWOW64\msexcr.ini
2014-08-02 18:01 - 2013-08-30 19:35 - 00000000 ____D () C:\Users\USER\Desktop\poster
2014-08-02 18:00 - 2014-08-02 18:00 - 20163174 _____ () C:\Users\USER\Downloads\Ice.zip
2014-08-02 01:11 - 2013-06-05 15:37 - 00000000 ___RD () C:\Users\USER\Desktop\folder
2014-07-30 03:17 - 2013-10-22 23:02 - 00000000 ____D () C:\Users\USER\Desktop\920
2014-07-23 18:11 - 2012-09-29 18:07 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-23 18:11 - 2012-09-29 18:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-23 16:17 - 2012-09-29 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-22 13:54 - 2014-07-22 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-22 13:54 - 2014-07-22 13:54 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-22 13:54 - 2013-12-16 22:32 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-07-22 01:43 - 2014-03-10 16:01 - 00000136 _____ () C:\Users\USER\Desktop\art.txt
2014-07-21 15:56 - 2014-02-15 16:34 - 00000000 ____D () C:\Users\USER\Desktop\zankyou
2014-07-18 16:08 - 2014-07-18 16:08 - 00021656 _____ (Echobit, LLC) C:\Windows\system32\Drivers\evolve.sys
2014-07-18 16:08 - 2014-07-18 16:08 - 00002023 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
2014-07-18 16:08 - 2014-07-18 16:08 - 00002011 _____ () C:\Users\Public\Desktop\Evolve.lnk
2014-07-18 16:08 - 2014-07-18 16:08 - 00000000 ____D () C:\Users\USER\AppData\Local\Echobit
2014-07-18 16:08 - 2014-07-18 16:08 - 00000000 ____D () C:\ProgramData\Echobit
2014-07-18 16:08 - 2014-07-18 16:08 - 00000000 ____D () C:\Program Files\Echobit
2014-07-18 16:08 - 2014-07-18 16:07 - 03258328 _____ (Echobit LLC) C:\Users\USER\Downloads\EvolveSetup.exe
2014-07-18 16:06 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-18 16:03 - 2014-07-18 16:03 - 00000222 _____ () C:\Users\USER\Desktop\Unturned.url
2014-07-18 14:18 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-07-17 22:24 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-07-17 22:23 - 2014-07-17 22:23 - 174178700 _____ () C:\Users\USER\Downloads\ZTST.zip
2014-07-16 13:08 - 2014-07-16 13:08 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-15 20:35 - 2014-07-15 20:35 - 00001111 _____ () C:\Users\USER\Desktop\Katawa Shoujo.lnk
2014-07-15 20:35 - 2014-07-15 20:35 - 00000000 ____D () C:\Users\USER\AppData\Roaming\RenPy
2014-07-15 20:35 - 2014-07-15 20:34 - 00000000 ____D () C:\Program Files (x86)\Katawa Shoujo
2014-07-15 20:34 - 2014-07-15 20:32 - 444251517 _____ () C:\Users\USER\Downloads\[4ls]_katawa_shoujo_1.1-[windows][8AACDD32].exe
2014-07-13 17:19 - 2014-03-16 22:19 - 00000000 ____D () C:\Users\USER\Desktop\pzinndix
2014-07-12 14:42 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-07-11 16:32 - 2014-07-11 16:32 - 00000219 _____ () C:\Users\USER\Desktop\Counter-Strike Global Offensive.url
2014-07-11 16:32 - 2013-06-10 19:19 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-11 16:18 - 2014-04-20 01:37 - 00000000 ____D () C:\Users\USER\Desktop\kimi n oknife 28
2014-07-11 16:18 - 2014-01-06 13:19 - 00000000 ___RD () C:\Users\USER\Desktop\wallpapers
2014-07-11 03:39 - 2014-07-11 03:39 - 27060196 _____ () C:\Users\USER\Downloads\No Game No Life.zip
2014-07-11 03:37 - 2014-07-11 03:37 - 26507407 _____ () C:\Users\USER\Downloads\Nisekoi.zip
2014-07-11 03:37 - 2014-05-10 21:49 - 00000000 ____D () C:\Users\USER\Desktop\Other wallpapers
2014-07-09 09:52 - 2012-09-29 18:07 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 09:52 - 2012-09-29 18:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 09:52 - 2012-09-29 18:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 18:45 - 2009-07-13 21:45 - 05267168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-08 18:44 - 2011-04-12 01:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-08 18:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-08 18:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-08 16:23 - 2014-05-22 12:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-08 16:22 - 2012-10-01 10:58 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 16:22 - 2012-10-01 09:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
 
Files to move or delete:
====================
C:\Users\USER\jagex_cl_runescape_LIVE.dat
C:\Users\USER\jagex_cl_runescape_LIVE1.dat
C:\Users\USER\random.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-31 21:55
 
==================== End Of Log ============================


#10
Biscuithd


    Trusted Helper

  • Malware Removal
  • 2,573 posts

 

It feels the same but also, when running AdwCleaner I thought for sure this would be deleted but it still remains,

http://imgur.com/O2TV4vs

 

 

Where do you see that URL?

 

Next Steps.

 

OTL

  • Please download OTL and save the file to your desktop.
  • Double-click OTL.exe to run the programme. Ensure all other windows are closed.
  • Copy the entire contents of the codebox below and paste into the textbox.
    :Commands
    
    [emptytemp]
    
    
  • Click the button.
  • Let the programme run and reboot your computer if prompted.

When OTL completes, reboot the computer and re-run OTL this time selecting Quick Scan.

 

Post the log when complete.




#11
djmaxaaron


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

No, there's a certain thing in the chrome browser when I run scan on Adw. and it shows up, however even after cleaning several times, it still remains.

 

Also here's the log file

OTL logfile created on: 8/6/2014 3:04:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\USER\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.95 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 59.09% Memory free
7.89 Gb Paging File | 6.04 Gb Available in Paging File | 76.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 7.25 Gb Free Space | 6.49% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 461.09 Gb Free Space | 99.00% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/06 14:19:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\USER\Downloads\OTL.exe
PRC - [2014/07/21 18:08:42 | 003,816,784 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2014/07/15 02:24:50 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2013/10/01 05:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/05/10 00:57:36 | 000,840,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/08 16:15:51 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Wacom\WacomHost.exe
PRC - [2012/10/08 16:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe
PRC - [2012/02/14 21:35:52 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2012/01/20 11:45:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2010/11/20 20:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/15 02:24:48 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppgooglenaclpluginchrome.dll
MOD - [2014/07/15 02:24:44 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
MOD - [2014/07/15 02:24:38 | 000,718,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
MOD - [2014/07/15 02:24:36 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
MOD - [2014/07/15 02:24:35 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/08/03 18:34:02 | 000,127,752 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2014/07/18 16:08:51 | 001,579,936 | ---- | M] (Echobit LLC) [On_Demand | Stopped] -- C:\Program Files\Echobit\Evolve\EvoSvc.exe -- (EvoSvc)
SRV:64bit: - [2014/06/18 17:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/09/12 18:08:42 | 000,614,680 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\WTabletServicePro.exe -- (WTabletServicePro)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/28 18:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/12/11 13:07:04 | 000,619,904 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV:64bit: - [2012/01/10 21:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/07/21 18:08:40 | 002,544,976 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014/07/16 10:53:44 | 000,377,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/07/09 09:52:30 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/02/07 20:18:42 | 000,569,024 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/01 05:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/07 01:12:44 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/01/20 16:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/20 16:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/01/20 11:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/18 16:08:56 | 000,021,656 | ---- | M] (Echobit, LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\evolve.sys -- (EvolveVirtualAdapter)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/08/02 14:37:58 | 000,088,888 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2013/08/02 14:37:58 | 000,015,160 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2013/08/02 14:37:58 | 000,014,136 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2013/05/28 17:24:48 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/05/28 17:24:48 | 000,103,064 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/03/28 19:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/03/28 18:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/02/14 04:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/08/02 18:34:42 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/09/29 02:30:34 | 000,646,248 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E 30 C9 7B 03 A0 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@gomtv.com/gomtvx-plugin: C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll (Gretech Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/07/13 15:37:17 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: 
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\USER\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: gomtvx NIE Module (Disabled) = C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
CHR - plugin: Intel짰 Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel짰 Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java Deployment Toolkit 7.0.510.13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U51 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: Inaba Himeko Theme = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\flooilpmbaknnlpnonlaccahmplanfln\1_1\
CHR - Extension: AdBlock = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.9_0\
CHR - Extension: Google Wallet = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/08/03 23:26:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13 - gopher Prefix: missing
O16 - DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} http://192.168.1.68/AVC_AX_742.cab (AMCCtrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{460B042F-A4E4-441A-ACC2-3C8F065ABDD8}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B89CE93C-F058-4423-AD4F-B552A5C6E64A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B89CE93C-F058-4423-AD4F-B552A5C6E64A}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/06 14:19:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/08/05 12:38:04 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\frst
[2014/08/04 13:18:33 | 000,000,000 | ---D | C] -- C:\FRST
[2014/08/04 13:16:17 | 000,000,000 | ---D | C] -- C:\MATS
[2014/08/03 23:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/08/03 23:46:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/08/03 23:31:19 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/08/03 23:28:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/08/03 23:20:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/08/03 22:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/08/03 21:44:41 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\Chromium
[2014/08/03 20:04:25 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\SYSTEMAX Software Development
[2014/08/03 20:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SYSTEMAX Software Development
[2014/08/03 20:03:53 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\PaintTool SAI English Pack(2)
[2014/08/03 20:01:14 | 000,000,000 | -HSD | C] -- C:\Users\USER\AppData\Local\EmieUserList
[2014/08/03 20:01:14 | 000,000,000 | -HSD | C] -- C:\Users\USER\AppData\Local\EmieSiteList
[2014/08/03 19:19:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/08/03 19:09:19 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/08/03 19:08:58 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/03 18:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/08/03 18:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/08/03 18:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/08/03 18:10:29 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\20464
[2014/07/22 13:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014/07/22 13:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2014/07/18 16:08:56 | 000,021,656 | ---- | C] (Echobit, LLC) -- C:\Windows\SysNative\drivers\evolve.sys
[2014/07/18 16:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Echobit
[2014/07/18 16:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Echobit
[2014/07/18 16:08:20 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\Echobit
[2014/07/16 13:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Riot Games
[2014/07/15 20:35:53 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\RenPy
[2014/07/15 20:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Katawa Shoujo
[2014/07/15 03:41:31 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\cowboy bebop 9
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/06 15:03:11 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/06 15:03:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/06 15:03:04 | 3179,053,056 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/06 14:56:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/06 14:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/06 14:25:30 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/06 14:23:59 | 003,278,226 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/06 14:23:59 | 002,626,494 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/06 14:23:59 | 000,006,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/06 14:22:27 | 000,028,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/06 14:22:27 | 000,028,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/05 13:13:40 | 000,095,217 | ---- | M] () -- C:\Users\USER\Desktop\adwcleanerthingy.png
[2014/08/05 13:12:34 | 000,293,473 | ---- | M] () -- C:\Users\USER\Desktop\adwcleanerthing.png
[2014/08/05 00:45:58 | 000,166,814 | ---- | M] () -- C:\Users\USER\Desktop\tilthis.png
[2014/08/04 02:05:19 | 000,002,283 | ---- | M] () -- C:\Users\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/08/03 23:50:41 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/03 23:26:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/08/03 21:39:53 | 000,007,605 | ---- | M] () -- C:\Users\USER\AppData\Local\Resmon.ResmonCfg
[2014/08/03 19:08:49 | 001,361,309 | ---- | M] () -- C:\Users\USER\Desktop\AdwCleaner.exe
[2014/08/03 18:34:02 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/08/02 22:03:02 | 000,458,429 | ---- | M] () -- C:\Users\USER\Desktop\4chan.png
[2014/07/27 03:50:15 | 000,955,243 | ---- | M] () -- C:\Users\USER\Desktop\poppychallenger.png
[2014/07/25 13:13:05 | 000,145,775 | ---- | M] () -- C:\Users\USER\Desktop\plenairpls.png
[2014/07/24 23:27:17 | 000,228,345 | ---- | M] () -- C:\Users\USER\Desktop\oneyed.png
[2014/07/23 16:05:29 | 000,442,768 | ---- | M] () -- C:\Users\USER\Desktop\pingspikes.png
[2014/07/22 13:54:43 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2014/07/18 16:08:57 | 000,002,011 | ---- | M] () -- C:\Users\Public\Desktop\Evolve.lnk
[2014/07/18 16:08:56 | 000,021,656 | ---- | M] (Echobit, LLC) -- C:\Windows\SysNative\drivers\evolve.sys
[2014/07/18 16:03:45 | 000,000,222 | ---- | M] () -- C:\Users\USER\Desktop\Unturned.url
[2014/07/15 20:35:34 | 000,001,111 | ---- | M] () -- C:\Users\USER\Desktop\Katawa Shoujo.lnk
[2014/07/11 23:06:05 | 000,155,232 | ---- | M] () -- C:\Users\USER\Desktop\paypal trsnsaction.png
[2014/07/11 16:32:51 | 000,000,219 | ---- | M] () -- C:\Users\USER\Desktop\Counter-Strike Global Offensive.url
[2014/07/11 15:34:06 | 001,214,991 | ---- | M] () -- C:\Users\USER\Desktop\koroshita.png
[2014/07/08 18:45:44 | 005,267,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2014/08/05 13:13:39 | 000,095,217 | ---- | C] () -- C:\Users\USER\Desktop\adwcleanerthingy.png
[2014/08/05 13:12:34 | 000,293,473 | ---- | C] () -- C:\Users\USER\Desktop\adwcleanerthing.png
[2014/08/05 00:45:58 | 000,166,814 | ---- | C] () -- C:\Users\USER\Desktop\tilthis.png
[2014/08/03 23:50:41 | 000,002,283 | ---- | C] () -- C:\Users\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/08/03 23:50:41 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/03 23:50:00 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/03 23:49:59 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/03 21:31:13 | 000,007,605 | ---- | C] () -- C:\Users\USER\AppData\Local\Resmon.ResmonCfg
[2014/08/03 19:08:42 | 001,361,309 | ---- | C] () -- C:\Users\USER\Desktop\AdwCleaner.exe
[2014/08/03 18:34:02 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/08/03 18:09:48 | 000,002,294 | ---- | C] () -- C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2014/08/02 22:02:47 | 000,458,429 | ---- | C] () -- C:\Users\USER\Desktop\4chan.png
[2014/07/27 03:50:15 | 000,955,243 | ---- | C] () -- C:\Users\USER\Desktop\poppychallenger.png
[2014/07/25 13:13:05 | 000,145,775 | ---- | C] () -- C:\Users\USER\Desktop\plenairpls.png
[2014/07/24 23:27:17 | 000,228,345 | ---- | C] () -- C:\Users\USER\Desktop\oneyed.png
[2014/07/23 16:05:29 | 000,442,768 | ---- | C] () -- C:\Users\USER\Desktop\pingspikes.png
[2014/07/18 16:08:57 | 000,002,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
[2014/07/18 16:08:57 | 000,002,011 | ---- | C] () -- C:\Users\Public\Desktop\Evolve.lnk
[2014/07/18 16:03:45 | 000,000,222 | ---- | C] () -- C:\Users\USER\Desktop\Unturned.url
[2014/07/15 20:35:34 | 000,001,111 | ---- | C] () -- C:\Users\USER\Desktop\Katawa Shoujo.lnk
[2014/07/11 23:06:05 | 000,155,232 | ---- | C] () -- C:\Users\USER\Desktop\paypal trsnsaction.png
[2014/07/11 16:32:51 | 000,000,219 | ---- | C] () -- C:\Users\USER\Desktop\Counter-Strike Global Offensive.url
[2014/07/11 15:34:05 | 001,214,991 | ---- | C] () -- C:\Users\USER\Desktop\koroshita.png
[2013/10/15 17:00:33 | 000,000,031 | ---- | C] () -- C:\Windows\WebConfig.ini
[2013/10/15 16:59:53 | 002,555,406 | ---- | C] () -- C:\Windows\SysWow64\avcodec-54.dll
[2013/10/15 16:59:53 | 000,716,789 | ---- | C] () -- C:\Windows\SysWow64\unins000.exe
[2013/10/15 16:59:53 | 000,475,136 | ---- | C] () -- C:\Windows\SysWow64\SEPlayerPlus.dll
[2013/10/15 16:59:53 | 000,315,392 | ---- | C] () -- C:\Windows\SysWow64\SEPlayerPlus.exe
[2013/10/15 16:59:53 | 000,196,608 | ---- | C] () -- C:\Windows\SysWow64\SENetLibPlus.dll
[2013/10/15 16:59:53 | 000,157,198 | ---- | C] () -- C:\Windows\SysWow64\avutil-51.dll
[2013/10/15 16:59:53 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\SESDKPlus.dll
[2013/10/15 16:59:53 | 000,001,216 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat
[2013/08/07 19:30:09 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/06/04 14:22:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/06/04 14:18:30 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/06/04 14:18:30 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/06/04 14:18:30 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/05/25 11:32:28 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/05/25 11:32:27 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2013/05/25 11:32:27 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2013/05/25 11:32:26 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013/05/25 11:32:26 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2013/03/28 19:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/28 19:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2012/11/27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/10/01 09:33:03 | 000,767,674 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/29 18:50:38 | 000,000,069 | ---- | C] () -- C:\Windows\hjimesv.ini
[2012/09/29 18:50:36 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\winhcfgb.ini
[2012/09/29 17:34:53 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/09/29 17:34:53 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/09/29 17:34:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/09/29 17:05:01 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/09/29 17:04:55 | 000,030,435 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/06/27 20:31:33 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\.minecraft
[2014/02/23 00:52:27 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Battle.net
[2014/03/09 21:31:32 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Curse
[2014/03/09 21:31:49 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Curse Advertising
[2013/06/24 18:48:33 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Downloaded Installations
[2013/11/27 10:55:06 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\HNC
[2013/06/04 15:54:50 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\LolClient
[2013/10/15 19:56:47 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\OBS
[2013/10/29 16:46:47 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Old_Skype
[2014/07/15 20:35:53 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\RenPy
[2013/06/04 14:27:38 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Riot Games
[2014/02/05 22:56:26 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\RSBot
[2014/08/03 20:04:25 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\SYSTEMAX Software Development
[2014/07/04 22:38:11 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\TeamViewer
[2014/08/05 12:37:06 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\uTorrent
[2014/05/27 20:15:58 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Wacom
[2014/05/27 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
 
========== Purity Check ==========
 
 
 
< End of report >

#12
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I appreciate your patience as this is not resolving as quickly as I'd like. I'm going to closely review this latest scan and the past work we've done as I've obviously missed something.

I'm sorry to re-ask, but I need to be sure. For the OTL scan uTorrent was uninstalled, correct?

And then, I'm just not understanding what you're saying here.

"No, there's a certain thing in the chrome browser when I run scan on Adw. and it shows up, however even after cleaning several times, it still remains."

Tell me if this is correct... You start up the Chrome browser and this URL (meaning the Webpage or Website)

http://imgur.com/O2TV4vs

is where the Chrome Browser tries to take you? Is it sort of like your Home Page now (even though you'd want something else)? Or, am I completely missing what you're saying?

Also, have you experimented with IE to see if that same URL is forced on you?

I'm going to assume that the OTL fix ran correctly before you ran the OTL scan and that the computer still does not work any better than when you first came here. Right?

Last, when the OTL fix ran, it created a log file that we call the Moved Files log. Would you locate it; it will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log (where mmddyyyy_hhmmss is the date of the tool run), and post it for me please.


#13
djmaxaaron

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Yes, I removed uTorrent right after you suggested, and for the URL, it's not a URL; rather, when I run AdwCleaner and press scan, when I look at the results and check the Chrome tab in AdwCleaner, there is one line

http://imgur.com/WuvTHPM    that this picture should show, that always remains no matter how many times I run clean.

It has nothing to do with the actual browser. I can run Chrome fine without it taking me anywhere else than the homepage and any other website I want. I just thought it was weird that it would still show up after I pressed clean many times.

Also, the CPU problem seems to have lessened; there is less lag, so I think it's running better than before, but I don't know if there's anything else wrong with the computer because I'm not that tech savvy. I just wanted to make sure my computer was virus free.

Also, I couldn't find the moved file; all I could find was the extras file:

OTL Extras logfile created on: 8/6/2014 3:04:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\USER\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.95 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 59.09% Memory free
7.89 Gb Paging File | 6.04 Gb Available in Paging File | 76.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 7.25 Gb Free Space | 6.49% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 461.09 Gb Free Space | 99.00% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{144884FD-3B25-4E8C-8067-4E09798D7B9D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{147661B6-48FA-4A3B-A79F-469D4D295C59}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2C544147-3E46-4086-B7DF-5305C1A89BAF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4268B3FD-B1CC-49BC-86B3-8CC5457BC43A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{46C3CC78-CB4C-4978-B51E-71098F5CCE23}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4CFAAAC3-A35F-4E86-9549-D6DE0E8700C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{56EC0829-CBDC-426D-855F-D1AE8647634F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5A8CF39E-182F-43E7-B9DF-224E416575D7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{635153A6-B6CE-47C8-880B-798FC68454A8}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{656AF7F3-1003-4B8E-9D1C-B88D881C9DEE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6DFAC7A8-AA26-4D08-8466-6DC02DBC2391}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{74FA40AE-69C1-4D17-A1E8-8ED52BAAA5D0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{7BD5FB1C-81CF-4ADE-8EE5-CB0B49F2289E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7C9E2F51-BD54-4D6A-B60F-7A1D6A5E2AFB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8A99894D-5A1A-4089-B333-BD7465E599E9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{942CFB65-6C0E-4E50-B7C6-2E024427B3C9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BA4DFD42-55E7-4B1E-B3CA-7A0B519953E4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BAFB210D-C9D0-439D-8B45-8EC529189B07}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BD454740-6AE3-4A0D-B1AB-4C9EAC8FF1E9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C1ED4DC7-4490-4F75-93AE-41605D03829E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C7BCA3A6-FFB8-48A1-BC56-B1C4650A2447}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D6A48C7F-DDE7-4630-9553-86033CC27BB6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D6C34B45-4CD0-4223-82C8-4260020EDE82}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DD16A273-0B08-475B-A9E3-2E609E6988A5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F2917F3B-0351-482B-B4C1-D8B5911EEAC2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F48FD310-D1DB-4823-A7FE-24120D3734A0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F8106749-942E-4A6A-A577-DD280AF7AD0C}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08E3F1DD-CA11-46E6-B0FE-0E71FE69F15A}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"{0AC8C07F-DACE-40D7-BD0C-B3A5E7EA6ACF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0B293E12-3F07-4421-ADCC-0C704AFD0315}" = dir=in | app=c:\program files\echobit\evolve\evosvc.exe | 
"{0BD35D23-1D6B-45DF-A696-280CEC293EAC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{10230D0D-DCDF-49B1-A57E-3DE93B4FD96E}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"{10C039F7-D6B9-4144-9492-AB11DC147005}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{115D2570-A5D5-444D-8237-F516F77061A6}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{1D0C536C-E2AB-4121-B051-081386367DD3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{21145DFD-7EE5-40BD-AB10-C5401AF3EDAF}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{2148FBE8-6F0B-4156-8C3C-15FC13775C5A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2207A9D8-3A16-45A0-A669-42E44D5A7F36}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{26863215-A930-4DF0-BDBF-976C22278641}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe | 
"{2D2F63D0-E185-4F71-894E-6551E0651116}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{30C7F7FB-8FD8-46AF-9629-60C8B43EB610}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{363B5133-AEC8-495D-BDEB-5820697092F4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{38BA0299-3748-4F3C-ACF2-A38E350A6FEC}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{39F5C8E6-494F-47B6-AFDC-2ECADC8ADD5B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{41B62E5D-2401-443E-AF01-46398F3B6E34}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{44EE25CB-E969-4856-A783-AE3C2E7594B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{488986E5-5489-424A-97D2-D1B6DF4C7F0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4A88C8BC-B720-4E64-A7C5-9B2DCB4FE5C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unturned\unturned.exe | 
"{4FC28BFD-BB13-4EDF-9B9C-8125AEF91567}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{55EACE6E-66EE-4130-89F3-93D4E8BBEE9B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{593FF717-CCA4-438A-B1FD-EF61CDFCFAF8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{5CC3BDB8-56DA-446D-A7BF-22DA1840C8EF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5DB66B50-A1B4-4A3B-AB0D-1C94EC9AF752}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{67AAA6D6-C0D2-4B32-A8CB-42F88CC9028F}" = protocol=17 | dir=in | app=c:\program files (x86)\ipcmonitor_en\ipcmonitor.exe | 
"{6D6111D2-0E92-43C7-8D41-7158BF56C61E}" = protocol=17 | dir=in | app=e:\hmsearch_en.exe | 
"{6F00789A-F083-4312-8460-3B39D7F04E15}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{70EFB915-0D8D-4B08-BB61-9F68B78017C8}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe | 
"{7169002F-904E-477A-862E-0C810B5235C0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
"{7C53771D-2973-4524-BE02-8A1444B8401A}" = protocol=6 | dir=in | app=e:\hmsearch_en.exe | 
"{8300C626-D60E-4D6C-AB0D-E6BF605B7C38}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8D06E3D2-FC4A-4B11-B3D9-FC8594501E67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{92298126-E963-42FA-9E32-DE03CA03135A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
"{92BB4DF2-B251-4AC9-834C-6B88257EDD46}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{959B9B73-3A66-4D73-8E19-06028AF21423}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe | 
"{982A2EE3-C3C5-4FAA-83D2-280B12EB7003}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9E6C6EFA-FF56-4DCC-B244-E3B91B8BB575}" = dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicatorcom.exe | 
"{A2FDE358-2A6B-4F88-8ADF-686BE8F87648}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{A602AE75-3093-43AC-ADAC-6FF2F5AF716C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A95D97EF-5932-4611-95E4-376F1258AE2B}" = protocol=6 | dir=out | app=system | 
"{AE16CACA-6885-4279-9FC3-187AB961753C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{B1F6D558-49E3-4E3F-9B5F-4C19A600EDE0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{B2F31A79-4D13-4551-89A2-460F94379564}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B3FB38C9-A2A4-48DB-9192-3380FDB53A6A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{B64CC14D-12E8-4B26-8EB3-3722DD38FB59}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{B79FCD55-BDE1-4D2B-8A41-062CC23E27EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BEF48F72-969A-4543-AB81-5DE3B7B4E0CE}" = protocol=6 | dir=in | app=c:\program files (x86)\ipcmonitor_en\ipcmonitor.exe | 
"{BEFC493E-A297-4B5D-97C3-E74ACB3BE81A}" = dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | 
"{C1C84715-0200-4213-868D-67C874FC4318}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe | 
"{C2A14404-E22C-4C0E-B730-4FE92303E229}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{C31B6E71-3D8F-4C7E-A9A9-C5515173B10E}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{C3459379-7F4C-4AB7-B852-96D7A7D6DF8D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{C3A26930-1650-4F96-80A0-96834F62F134}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{C799EFC0-6F55-4E6F-93A2-3CE4754C4A43}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{CB44B6C8-5EAB-4C68-B6D0-597D2273D875}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{CEAAAA0D-D823-4539-97D5-B58BB7ED3270}" = dir=in | app=c:\program files\echobit\evolve\evolveclient.exe | 
"{D1D116D4-4820-42F8-9C86-89AD2541A1BD}" = dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
"{D58ADFC5-68F9-478C-B7DB-F64E7A77ECA1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{D6166FA8-48CE-478D-835A-45D240CFB870}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DEFFF0BD-BEB5-4ECB-AD71-9A95F46997C2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{E0B7EA6C-D0E4-459C-96E7-430557819DA3}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{E3F64E45-33D2-4BC2-A8A1-BEA11CCFA665}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{E741CAF6-AB48-46DC-AE34-8FAF4BD818C7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unturned\unturned.exe | 
"{E7F78AD5-77FF-4E9D-9AB1-03F2A30BF792}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{EC56CC67-B23B-48E2-943A-87D8A3D66D9F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EE1F8BE9-F55B-4F6D-A4DC-DA24CCF5C264}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{F3F30653-634F-4105-8533-832E13EB8258}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{F660619B-BFE2-4048-B67E-7292F1B58333}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{0B79B33C-DC9E-45CF-858A-73FBE933E4B2}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{675AC96D-AD09-452F-A369-E55196A2F8BA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{BB7BCE85-9BE3-4F20-B647-3AA115DF654C}C:\program files (x86)\ipcmonitor_en\nvrplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ipcmonitor_en\nvrplay.exe | 
"TCP Query User{C4305723-026A-4E31-BC25-7BBA8CED824C}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{D5B06E45-4172-4A3F-9389-A6D311DF81AF}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{F6ADD9DA-0C1C-47C3-BB9C-0BE9D49A9D14}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{425AFF34-F0E3-44D7-97EB-0F822B58D248}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{5F6D2375-91FA-41F0-A6A5-63F4721CABEB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{7AB902E1-79B4-4FC0-82BF-5B99B7455658}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{82C21CBD-5E7A-46EE-9049-56531ED8F5EE}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{9F464EB1-C72A-4D28-9429-D021A70187DE}C:\program files (x86)\ipcmonitor_en\nvrplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ipcmonitor_en\nvrplay.exe | 
"UDP Query User{A73F7C64-369F-4700-A7E7-94D88C276A0A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}" = AMD Catalyst Install Manager
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client
"{6457BD83-98CF-4267-93D7-F173FF3E7C25}" = HP Deskjet 3050 J610 series Basic Device Software
"{670B1B49-9FD3-4827-9B41-471EFF580AA8}" = Evolve
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DB5331E-20A5-C1A7-E0E5-3A023C304389}" = AMD AVIVO64 Codecs
"{7BC4167C-BD93-55BD-3C97-53D49764B89E}" = ccc-utility64
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{7DF39B3F-E4C4-9FAF-229B-863F12AB405C}" = AMD Drag and Drop Transcoding
"{81F9BAD3-8695-87CE-F7FB-E0C2DAE248E8}" = AMD Media Foundation Decoders
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{93CC7ABC-A87B-6AB2-9E6D-073B5FF2A794}" = AMD Accelerated Video Transcoding
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D386FE62-CD8D-C8E0-DCA7-ED5FCAB476A5}" = AMD Wireless Display v3.0
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"CCleaner" = CCleaner
"HitmanPro37" = HitmanPro 3.7
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pen Tablet Driver" = Wacom
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{036A2AC2-5514-1499-8F0E-48009132658F}" = CCC Help Portuguese
"{0685213E-9FF3-1368-37E3-5CECB5A0708C}" = CCC Help Russian
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{07CD994D-2144-41B9-5C2C-A85B40EBBA51}" = CCC Help Finnish
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F747F46-57A0-6CD3-A234-BD4E46F2BFEB}" = CCC Help Polish
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1D91F7DA-F517-4727-9E62-B7EA978BE980}" = Hanword 2010
"{1EB8D6DC-DA9E-837D-C31A-0FCE20E1EF76}" = Catalyst Control Center Localization All
"{20779EFD-5A24-45F7-A133-132975478C4E}_is1" = web control version 3.0.1.8
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 51
"{295E13D5-2CCE-C01B-4E21-F41F543CF2C2}" = CCC Help Spanish
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{384E9F9A-4E8C-562C-E6D1-E494F9CADF7C}" = CCC Help Korean
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{3C249872-D97C-62F9-A3E2-F7AAAC07BEF8}" = CCC Help Chinese Traditional
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{45160C56-61F6-468D-A5B0-9FAE2C3E68D6}" = Catalyst Control Center - Branding
"{45B2C1A3-2050-0BC1-0A90-50EB4A7E77A8}" = CCC Help Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB8B7F6-726B-2301-DD5A-067F95A8A48F}" = CCC Help German
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{528EFF5D-2209-B614-40C0-5D87F73F3E8D}" = CCC Help French
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58ECCB6B-73FB-CBBA-42FC-91659DFA342C}" = CCC Help Chinese Standard
"{61048242-4586-417E-B51E-4A9FF54F317F}" = EnuFontInstaller
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63A5F548-B114-4413-BD9E-5EAF35F90779}" = RRDtool
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{6547BC5F-1FC4-CD5D-3783-45370C980043}" = Catalyst Control Center
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{752EEDEB-8605-8E51-2135-48AF996C8DFC}" = CCC Help English
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8D962C94-3D7C-2163-B37E-9CB48B7D1DCD}" = CCC Help Dutch
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EC13308-5065-43FA-A5E8-E225F18DAB89}_is1" = IPCMonitor_en 1.0.1.9
"{90157C5D-D791-4D36-8C2B-7553DC01D601}" = ASUS VGA Driver
"{90DFD61B-8224-00C6-3D69-A983B60A394E}" = Bamboo Dock
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{A6F818D2-85B7-84E2-C33C-8E74D747AD55}" = CCC Help Greek
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Fran?is, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8230940-0DCC-E180-5744-4442F6C0CA28}" = CCC Help Thai
"{BA0F9EA0-1313-976B-4809-A5535AB8E207}" = HydraVision
"{BDA0EB29-8B31-4BF4-8B05-04AA52340AC4}" = LogMeIn Hamachi
"{C123749C-23EC-62DB-A5FD-1ED5BC359AAF}" = CCC Help Japanese
"{C218AFCB-7EAB-FEC3-6552-FF090B3FD0A1}" = CCC Help Czech
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C533DBF1-3A98-5D7D-B6CA-59CC1816F38C}" = CCC Help Italian
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{CF097717-F174-4144-954A-FBC4BF301042}" = Nero 7 Ultra Edition
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D29491A3-BA85-F712-5C8D-B7E6803FEAD7}" = CCC Help Hungarian
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9A1A69D-D788-12C5-3218-64EFB8C6ACFD}" = Catalyst Control Center Graphics Previews Common
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E745587A-2ED8-BA64-680E-BC35BE223275}" = CCC Help Danish
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EA92CB68-9667-343A-1F53-B039583F2A3A}" = Catalyst Control Center InstallProxy
"{EC6004A3-B6E7-9728-55E8-508ABE51798F}" = CCC Help Norwegian
"{EDAA1085-C196-29B1-48B0-B82B72114001}" = CCC Help Swedish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Bamboo Dock" = Bamboo Dock
"Battle.net" = Battle.net
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"DragonNest" = DragonNest
"DtsFilter" = DTS+AC3 Filter
"ESET Online Scanner" = ESET Online Scanner v3
"GomTV Launcher Plugin" = GOMTV Plug-in
"Google Chrome" = Google Chrome
"Haansoft HWord 80 Korean" = Hanword 2010
"Hearthstone" = Hearthstone
"Hyper - Browser" = Hyper - Browser
"Katawa Shoujo" = Katawa Shoujo
"League of Legends 3.0.0" = League of Legends
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"MapleStory" = MapleStory
"Open Broadcaster Software" = Open Broadcaster Software
"Steam" = Steam
"Steam App 205790" = Dota 2 Test
"Steam App 304930" = Unturned
"Steam App 570" = Dota 2
"Steam App 730" = Counter-Strike: Global Offensive
"TeamViewer 8" = TeamViewer 8
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/5/2014 10:48:42 PM | Computer Name = USER-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 8/5/2014 10:52:59 PM | Computer Name = USER-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value 
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 8/5/2014 10:52:59 PM | Computer Name = USER-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
Error - 8/6/2014 12:23:01 AM | Computer Name = USER-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MAPLESTORY.EXE, version: 8.151.2.0, time
 stamp: 0x53c3567f  Faulting module name: MAPLESTORY.EXE, version: 8.151.2.0, time
 stamp: 0x53c3567f  Exception code: 0xc0000005  Fault offset: 0x01040da6  Faulting process
 id: 0x2a0  Faulting application start time: 0x01cfb12cf7917135  Faulting application
 path: C:\Nexon\MapleStory\MAPLESTORY.EXE  Faulting module path: C:\Nexon\MapleStory\MAPLESTORY.EXE
Report
 Id: 5a000b41-1d21-11e4-9416-60a44c32b2b1
 
Error - 8/6/2014 5:18:48 PM | Computer Name = USER-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 8/6/2014 5:23:56 PM | Computer Name = USER-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value 
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 8/6/2014 5:23:56 PM | Computer Name = USER-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
Error - 8/6/2014 5:37:26 PM | Computer Name = USER-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
 security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
 security client\MSESysprep.dll" on line 10.  The element imaging appears as a child
 of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by 
this version of Windows.
 
Error - 8/6/2014 5:37:44 PM | Computer Name = USER-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 8/6/2014 6:04:56 PM | Computer Name = USER-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 8/5/2014 3:36:09 PM | Computer Name = USER-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature:
 %%835     Error Code: 0x80004005     Error description: Unspecified error      Reason: %%842
 
Error - 8/5/2014 3:40:59 PM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
Description = The Power Control [2012/10/01 09:49:42] service failed to start due
 to the following error:   %%3
 
Error - 8/5/2014 3:44:07 PM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
Description = The Power Control [2012/10/01 09:49:42] service failed to start due
 to the following error:   %%3
 
Error - 8/5/2014 3:44:11 PM | Computer Name = USER-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature:
 %%835     Error Code: 0x80004005     Error description: Unspecified error      Reason: %%842
 
Error - 8/5/2014 9:43:27 PM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
Description = The Power Control [2012/10/01 09:49:42] service failed to start due
 to the following error:   %%3
 
Error - 8/5/2014 9:43:44 PM | Computer Name = USER-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature:
 %%835     Error Code: 0x80004005     Error description: Unspecified error      Reason: %%842
 
Error - 8/5/2014 10:46:56 PM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
Description = The Power Control [2012/10/01 09:49:42] service failed to start due
 to the following error:   %%3
 
Error - 8/6/2014 5:17:03 PM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
Description = The Power Control [2012/10/01 09:49:42] service failed to start due
 to the following error:   %%3
 
Error - 8/6/2014 5:19:41 PM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7034
Description = The Adobe Acrobat Update Service service terminated unexpectedly. 
 It has done this 1 time(s).
 
Error - 8/6/2014 6:03:10 PM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
Description = The Power Control [2012/10/01 09:49:42] service failed to start due
 to the following error:   %%3
 
 
< End of report >

  • 0

#14
djmaxaaron

    New Member

  • Topic Starter
  • Member
  • 9 posts

Wait, never mind, I found it, sorry.

 

All processes killed
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: USER
->Temp folder emptied: 6117194906 bytes
->Temporary Internet Files folder emptied: 6301247 bytes
->Java cache emptied: 6201837 bytes
->Google Chrome cache emptied: 238649844 bytes
->Flash cache emptied: 57200 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70107 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 55409647 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 6,126.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 08062014_141941
 
Files\Folders moved on Reboot...
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{FD6120EB-29D3-4DFD-8C4D-7C8C15BBAD52}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\8F4HND6M\tag.mothernist.hiro.tv\US_FARM_mothernist.hiro.t#\v_STREMING_CLIENT_ID_COOKIE.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{FD6120EB-29D3-4DFD-8C4D-7C8C15BBAD52}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\8F4HND6M\macromedia.com\support\flashplayer\sys\#player.longtailvideo.com\settings.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{F70023A2-C20C-44DD-B421-CCB7CAA50A55}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\W38NQV4E\macromedia.com\support\flashplayer\sys\#tag.mediashakers.hiro.tv\settings.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{F70023A2-C20C-44DD-B421-CCB7CAA50A55}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\W38NQV4E\macromedia.com\support\flashplayer\sys\#player.healthination.com\settings.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{F70023A2-C20C-44DD-B421-CCB7CAA50A55}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\W38NQV4E\macromedia.com\support\flashplayer\sys\#objects.tremormedia.com\settings.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{F70023A2-C20C-44DD-B421-CCB7CAA50A55}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\W38NQV4E\macromedia.com\support\flashplayer\sys\#cloud.nmg.netdna-cdn.com\settings.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{F41A1B99-6F7F-4586-83EC-058E3C5D1000}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\6G3BGATH\macromedia.com\support\flashplayer\sys\#cloud.nmg.netdna-cdn.com\settings.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{E4C54325-4808-4E20-BD78-AE67656FB4C5}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\4BP2WZ92\unblo#\cker.thesyndicationserver.co.uk\US_FARM#\__STREMING_CLIENT_ID_COOKIE.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{E4C54325-4808-4E20-BD78-AE67656FB4C5}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\4BP2WZ92\tag.mothernist.hiro.tv\US_FARM_mothernist.hiro.t#\v_STREMING_CLIENT_ID_COOKIE.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{E4C54325-4808-4E20-BD78-AE67656FB4C5}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\4BP2WZ92\tag.atvnetworks.tv\US_FARM_audiencetv.hiro.t#\v_STREMING_CLIENT_ID_COOKIE.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{E4C54325-4808-4E20-BD78-AE67656FB4C5}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\4BP2WZ92\macromedia.com\support\flashplayer\sys\#tag.coffeetable.hiro.tv\settings.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{DFC7A7E4-181D-4BBA-84C5-F9F87161CFA6}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\D6Y47Z5B\macromedia.com\support\flashplayer\sys\#objects.tremormedia.com\settings.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{DE25BC76-557A-4CD3-9337-36F66C5CF24A}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DY22XLMD\macromedia.com\support\flashplayer\sys\#cloud.nmg.netdna-cdn.com\settings.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{DDA17BDA-CF33-43D5-AA87-470E0384F420}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\KHN8JPG4\macromedia.com\support\flashplayer\sys\#objects.tremormedia.com\settings.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{DDA17BDA-CF33-43D5-AA87-470E0384F420}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\KHN8JPG4\macromedia.com\support\flashplayer\sys\#anomaly.realgravity.com\settings.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{DAB4B9D2-9292-41F5-887C-0481F05B90F0}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\466TFZ36\vi#\dtur.thesyndicationserver.co.uk\US_FARM#\__STREMING_CLIENT_ID_COOKIE.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{DAB4B9D2-9292-41F5-887C-0481F05B90F0}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\466TFZ36\tag.mothernist.hiro.tv\US_FARM_mothernist.hiro.t#\v_STREMING_CLIENT_ID_COOKIE.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{D926CF08-8944-4163-96EA-BFFBA3749D24}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\Y48LRC2A\macromedia.com\support\flashplayer\sys\#objects.tremormedia.com\settings.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{D926CF08-8944-4163-96EA-BFFBA3749D24}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\Y48LRC2A\cdn.140fire.com\ads\flowplayer\flowplayer.commercial-3.2.7.swf\org.flowplayer.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{D864CF50-B8BD-402F-AC0B-E675FDBF5976}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\Y9YE7RAC\macromedia.com\support\flashplayer\sys\#tag.mediashakers.hiro.tv\settings.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{D864CF50-B8BD-402F-AC0B-E675FDBF5976}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\Y9YE7RAC\macromedia.com\support\flashplayer\sys\#tag.coffeetable.hiro.tv\settings.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{C77F6E19-C5FD-4BE4-86E8-6EC3F302AF30}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NBRDXUJ5\macromedia.com\support\flashplayer\sys\#anomaly.realgravity.com\settings.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{BD9DF9F0-A771-48A6-A8F6-FEECD07E4409}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XDSYS2AX\macromedia.com\support\flashplayer\sys\#player.videopublishing.com\settings.sol not found!
File\Folder C:\Users\USER\AppData\Local\Temp\{ADDE50EC-EF42-4792-8A0E-66E3917F1187}\{BD9DF9F0-A771-48A6-A8F6-FEECD07E4409}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XDSYS2AX\macromedia.com\support\flashplayer\sys\#external.kongregate-games.com\settings.sol not found!
C:\Users\USER\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

#15
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I don't see any more malware in the scans that we've done. So, let's have a look at the Hardware. Specifically, the Hard Drive.

 

Open the Command Prompt window by clicking the Start button, clicking All Programs, clicking Accessories, and then clicking Command Prompt.

 

Type the next line in at the command prompt and hit Return. Depending on what the utility finds, it may take a while (hours) to complete.

 

chkdsk c: /f /r

 

Next

 

I'd like you to Defrag your Hard Drive by following the instructions at this link.

 

Let me know how these go and then let me know if the performance improves. If not, I'll refer you to our Operating System and Hardware folks.

