steamguard.exe phishing virus [Solved]


This topic is locked

#1 kingkeef
Member, 29 posts

I was tricked into downloading a file named steamguard.exe (nothing happened when running the file) and my computer seems a lot slower. I tried running MBAM and it did not pick up anything. Upon reading on this it seems it grabs some SSFN file and gives it to the host but I just want to make sure I'm not infected with any keyloggers, etc. I've changed my steam password.





#2 BrianDrab
Trusted Helper, Malware Removal, 3,583 posts

Hi. My name is Brian. Let's take a look and see if you are infected.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

 

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

 

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the Downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

 

- Finally Before We Start-

 

Removing malware is a complicated multi-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Fresh Set of Logs Needed
Let's begin. Please follow the steps below.
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.

    Only one of them will run on your system, that will be the right version.

2. Right click on the file and select Run as administrator (If you don't have this option simply double-click the file to open). When the tool opens click Yes to disclaimer.

3. Press Scan button.

4. It will produce a log called FRST.txt in the same directory the tool is run from (which should be the desktop)

5. Please copy and paste log back here.

6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

     Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.

Items for your next post

1. Contents of the FRST log.

2. Contents of the Addition log.


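An added example, not part of the original thread and not an FRST feature: once FRST.txt and Addition.txt are in hand, the Scheduled Tasks section of Addition.txt is one of the first places to look for persistence. The script below parses FRST's `Task:` lines and flags a task when its target sits under a user profile or temp folder, when the task name is a bare GUID, or when FRST recorded no publisher for the target. The sample input is copied from the Addition.txt posted in reply #3 (two of its five tasks pointing at C:\Users\Arthur\Desktop\client.exe, plus three vendor tasks and a legacy .job line for contrast); the heuristics and the function names are this example's own assumptions, not FRST's rules.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# FRST Addition.txt, "Scheduled Tasks" section. Two line shapes appear there:
#   Task: {GUID} - System32\Tasks\<name> => <target> [yyyy-mm-dd] (Publisher)
#   Task: C:\windows\Tasks\<name>.job => <target>
# In this log the bracketed date and the parenthesised company name are present
# only for targets FRST could read; the client.exe lines carry neither.
TASK_RE = re.compile(
    r"^Task:\s+\{(?P<id>[0-9A-Fa-f-]+)\}\s+-\s+System32\\Tasks\\(?P<name>.+?)\s+=>\s+"
    r"(?P<target>.+?)(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\])?(?:\s+\((?P<publisher>[^)]*)\))?\s*$"
)
JOB_RE = re.compile(
    r"^Task:\s+(?P<name>[A-Za-z]:\\.+?\.job)\s+=>\s+(?P<target>.+?)\s*$", re.IGNORECASE
)
GUID_NAME_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Path fragments a scheduled task should rarely launch from on a home PC.
# Heuristic chosen for this example; tune it for the machine under review.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\tmp\\")


@dataclass
class ScheduledTask:
    name: str
    target: str
    date: Optional[str] = None
    publisher: Optional[str] = None


@dataclass
class Finding:
    target: str
    tasks: List[str] = field(default_factory=list)
    reasons: Set[str] = field(default_factory=set)


def parse_tasks(addition_txt: str) -> List[ScheduledTask]:
    """Extract every Task: line FRST wrote, ignoring everything else in the log."""
    tasks: List[ScheduledTask] = []
    for raw in addition_txt.splitlines():
        line = raw.strip()
        match = TASK_RE.match(line) or JOB_RE.match(line)
        if match:
            g = match.groupdict()
            tasks.append(ScheduledTask(g["name"], g["target"], g.get("date"), g.get("publisher")))
    return tasks


def suspicious_reasons(task: ScheduledTask) -> List[str]:
    """Persistence heuristics; an empty list means nothing stood out."""
    reasons: List[str] = []
    if any(frag in task.target.lower() for frag in USER_WRITABLE):
        reasons.append("target lives in a user-writable location")
    if GUID_NAME_RE.match(task.name):
        reasons.append("task name is a bare GUID (no human-readable name)")
    # Legacy .job lines never carry publisher info in FRST output, so skip them here.
    if task.publisher is None and not task.name.lower().endswith(".job"):
        reasons.append("FRST recorded no publisher/version info for the target")
    return reasons


def triage(addition_txt: str) -> Dict[str, Finding]:
    """Group flagged tasks by target binary so repeated persistence of one file is obvious."""
    flagged: Dict[str, Finding] = {}
    for task in parse_tasks(addition_txt):
        reasons = suspicious_reasons(task)
        if not reasons:
            continue
        finding = flagged.setdefault(task.target, Finding(task.target))
        finding.tasks.append(task.name)
        finding.reasons.update(reasons)
    return flagged


# Lines copied from the Addition.txt posted in this thread (subset).
SAMPLE_ADDITION = r"""
==================== Scheduled Tasks (whitelisted) =============

Task: {15CFF8A7-51D4-461D-A412-63D0AF4CB137} - System32\Tasks\{152C5CEF-4497-4FBE-B27D-009610D07492} => C:\Users\Arthur\Desktop\client.exe
Task: {29CDA27E-C17D-4295-87A0-B92FF0823EC0} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {2EFAF0D5-DB64-4713-A8F8-E53DF404778B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06] (Google Inc.)
Task: {4BF20779-225E-40E9-A1E5-63C09C033B41} - System32\Tasks\{70C25F40-DD1B-40B7-80F3-F80D2C11399A} => C:\Users\Arthur\Desktop\client.exe
Task: {5F776872-C787-4DC1-8F9B-8463977B47F1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-04] (CyberLink)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_ADDITION).values():
        print(finding.target)
        print(f"  launched by {len(finding.tasks)} task(s): {', '.join(finding.tasks)}")
        for reason in sorted(finding.reasons):
            print(f"  - {reason}")
```

Run stand-alone it reports a single target, C:\Users\Arthur\Desktop\client.exe, launched by two GUID-named tasks with all three reasons set; fed the full Addition.txt from reply #3 it would list five such tasks for that one file. Grouping by target rather than by task is deliberate: several distinct GUID task names all pointing at one binary on the Desktop is the pattern to spot, and a per-task listing hides it.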

#3 kingkeef (Topic Starter)
Member, 29 posts

I was not able to post the FRST file without my computer freezing :\ I uploaded it on mediafire: http://www.mediafire...or2ez0/FRST.txt

Here's the addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Arthur at 2014-08-21 13:12:04
Running from C:\Users\Arthur\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader 9.5.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.0 - Adobe Systems Incorporated)
Advanced SystemCare 6 (HKLM-x32\...\Advanced SystemCare 6_is1) (Version: 6.3 - IObit)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Cisco Valet Connector (HKLM-x32\...\Cisco Valet Connector) (Version: 1.2.10104.2 - Cisco Consumer Products LLC)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - )
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Critical Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2938807) (HKLM-x32\...\{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}.KB2938807) (Version: 1 - Microsoft Corporation)
Cross Fire En (HKLM-x32\...\Cross Fire_is1) (Version:  - Z8Games.com)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.1 - Lenovo)
Energy Management (x32 Version: 6.0.1.1 - Lenovo) Hidden
GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Gyazo 1.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Toshiyuki Masui)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.07.0000.0730 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Java™ 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.0209.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3603 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++  Compilers 2010 Standard - enu - x64 (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++  Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50706 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Ultimate - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
NVIDIA Control Panel 301.42 (Version: 301.42 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 301.42 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.75.420 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.8.15 (Version: 1.8.15 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.8.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.8.15 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.8.15 - NVIDIA Corporation) Hidden
Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.7 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.7 - Lenovo) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.22 - Razer Inc)
Razer DeathAdder™ Mouse (HKLM-x32\...\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}) (Version: 3.03 - Razer USA Ltd.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6267 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
RtLED (HKLM\...\{ACB6F4ED-835B-44EC-9EFD-AC8C83D28597}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Soldier Front (HKLM-x32\...\Soldier Front) (Version:  - )
Soldier Front 2 (HKLM-x32\...\Soldier Front 2) (Version:  - )
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
SRS Premium Sound Control Panel (HKLM\...\{2998191E-A35E-47E2-BE38-7702C731D722}) (Version: 1.10.18.0 - SRS Labs, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{C87CA2A9-6070-4F2A-8247-261BCF9B2D90}) (Version: 2.0.0.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version:  - TeamSpeak Systems GmbH)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12799 - TeamViewer)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1206 - Lenovo)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System  (10/25/2010 6.1.0.1) (HKLM\...\EA8853A03D537A97526088F978DEB040DF596301) (Version: 10/25/2010 6.1.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
15-08-2014 15:09:07 Windows Update
15-08-2014 17:15:25 Windows Update
19-08-2014 16:00:15 Windows Update
20-08-2014 01:07:49 Removed Dotfuscator Software Services - Community Edition
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {15CFF8A7-51D4-461D-A412-63D0AF4CB137} - System32\Tasks\{152C5CEF-4497-4FBE-B27D-009610D07492} => C:\Users\Arthur\Desktop\client.exe
Task: {29CDA27E-C17D-4295-87A0-B92FF0823EC0} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {2EFAF0D5-DB64-4713-A8F8-E53DF404778B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06] (Google Inc.)
Task: {2FD8BD56-14FC-429C-9DA0-C458AA8A4CE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06] (Google Inc.)
Task: {4BF20779-225E-40E9-A1E5-63C09C033B41} - System32\Tasks\{70C25F40-DD1B-40B7-80F3-F80D2C11399A} => C:\Users\Arthur\Desktop\client.exe
Task: {5F776872-C787-4DC1-8F9B-8463977B47F1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-04] (CyberLink)
Task: {B93E2258-20A2-42D5-8553-A5810270ACD8} - System32\Tasks\{1C7A0FF7-6092-4F86-935D-B1724CE91BBE} => C:\Users\Arthur\Desktop\client.exe
Task: {D57CE7E5-EED2-4395-8C25-31336E052AC2} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {E32E4068-6543-4CE8-B8F0-D236941F6F0D} - System32\Tasks\{87255B03-7E2F-4586-A114-13DFCD0AF190} => C:\Users\Arthur\Desktop\client.exe
Task: {FC67CC6F-7BCC-4C07-A568-F7CB4E076714} - System32\Tasks\{4ADEF459-AD33-4067-BA99-CB0EA95F4BDE} => C:\Users\Arthur\Desktop\client.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-01-20 19:45 - 2012-05-15 05:28 - 00085824 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-11-06 00:49 - 2011-11-06 00:49 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll
2012-01-23 17:57 - 2012-01-09 20:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2011-11-06 00:49 - 2011-11-06 00:49 - 00622592 _____ () C:\windows\system32\SimpleExt.dll
2013-08-11 15:43 - 2013-01-15 18:59 - 00161088 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCExtMenu_64.dll
2008-12-20 03:20 - 2014-07-02 15:20 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 03:20 - 2014-07-02 15:20 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-04-13 23:01 - 2011-03-25 05:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-27 14:36 - 2014-06-27 14:36 - 00045056 _____ () C:\windows\SysWOW64\UTSCSI.EXE
2013-08-11 15:43 - 2013-01-15 18:47 - 00517440 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\sqlite3.dll
2013-08-11 15:43 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madExcept_.bpl
2013-08-11 15:43 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madBasic_.bpl
2013-08-11 15:43 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madDisAsm_.bpl
2014-07-15 21:23 - 2014-08-04 15:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-07-15 21:23 - 2014-08-04 15:15 - 00441856 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-02-02 18:48 - 2014-08-04 15:15 - 00332288 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2013-03-12 17:10 - 2014-08-04 15:15 - 00769024 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-07-15 21:23 - 2014-08-13 18:31 - 02144448 _____ () C:\Program Files (x86)\Steam\video.dll
2014-07-15 21:23 - 2014-08-04 15:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-07-15 21:23 - 2014-07-30 23:47 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2012-01-20 20:53 - 2014-08-13 18:30 - 00677056 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-01-20 20:53 - 2014-08-13 02:27 - 34587328 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-15 10:59 - 2014-08-13 02:27 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-08-17 11:28 - 2014-08-06 23:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-17 11:28 - 2014-08-06 23:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-17 11:28 - 2014-08-06 23:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-17 11:28 - 2014-08-06 23:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-17 11:28 - 2014-08-06 23:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdvancedSystemCareService5 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk => C:\windows\pss\SRS Premium Sound.lnk.CommonStartup
MSCONFIG\startupreg: 332BigDog => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DeathAdder => C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MSCONFIG\startupreg: Energy Management => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
MSCONFIG\startupreg: EnergyUtility => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelWireless => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
MSCONFIG\startupreg: Lenovo EE Boot Optimizer => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: OCCAgent => C:\Program Files (x86)\OCCAgent\OCCAgent.exe
MSCONFIG\startupreg: OnekeyStudio => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UpdateP2GShortCut => "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/21/2014 11:35:53 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (08/21/2014 11:35:23 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (08/21/2014 11:32:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 16.7.0.0, time stamp: 0x528d63f1
Faulting module name: ZeroConfigService.exe, version: 16.7.0.0, time stamp: 0x528d63f1
Exception code: 0xc0000005
Fault offset: 0x00000000001c01b3
Faulting process id: 0xa28
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
 
Error: (08/21/2014 11:32:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/20/2014 03:14:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hl2.exe, version: 0.0.0.0, time stamp: 0x537501ed
Faulting module name: engine.dll, version: 0.0.0.0, time stamp: 0x537513f8
Exception code: 0xc0000005
Fault offset: 0x001c047c
Faulting process id: 0x674
Faulting application start time: 0xhl2.exe0
Faulting application path: hl2.exe1
Faulting module path: hl2.exe2
Report Id: hl2.exe3
 
 
System errors:
=============
Error: (08/21/2014 11:36:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/21/2014 11:35:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (08/21/2014 11:35:38 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (08/21/2014 11:33:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Integrated Clock Controller Service - Intel® ICCS service failed to start due to the following error: 
%%1053
 
Error: (08/21/2014 11:33:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Integrated Clock Controller Service - Intel® ICCS service to connect.
 
Error: (08/21/2014 11:33:19 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053ICCS{7B33B0B5-F719-4B0B-B48A-0B8F20CA08A5}
 
Error: (08/21/2014 11:32:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SQL Server (SQLEXPRESS) service failed to start due to the following error: 
%%1053
 
Error: (08/21/2014 11:32:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (08/21/2014 11:35:53 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed
 
Error: (08/21/2014 11:35:23 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2
 
Error: (08/21/2014 11:32:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe16.7.0.0528d63f1ZeroConfigService.exe16.7.0.0528d63f1c000000500000000001c01b3a2801cfbd551404bdb7C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe64d8db4c-2948-11e4-9287-f0def1cd5dff
 
Error: (08/21/2014 11:32:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/20/2014 03:14:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hl2.exe0.0.0.0537501edengine.dll0.0.0.0537513f8c0000005001c047c67401cfbca6d82675f2C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exec:\program files (x86)\steam\steamapps\common\counter-strike source\bin\engine.dll235d5965-289e-11e4-9d40-f0def1cd5dff
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 38%
Total physical RAM: 6058.14 MB
Available physical RAM: 3708.53 MB
Total Pagefile: 12114.46 MB
Available Pagefile: 9708.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:421.81 GB) (Free:316.69 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.28 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 82F89673)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
 
==================== End Of Log ============================

  • 0
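An added example, not part of this thread and not FRST's own code: a small Python triage pass over entries of the kind shown in the log above (scheduled tasks, Run keys, services and drivers). It flags the things a malware-removal helper reads for first: executables launched from Desktop, Downloads or Temp, entries whose file is missing on disk ([X]), binaries FRST reports as unsigned or with no publisher, and tasks registered under a bare GUID. The sample input is a few lines copied verbatim from the log; the heuristics, the thresholds and the `Finding`/`triage` names are this example's own, and a flag is a reason to look, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: a handful of lines copied verbatim from the FRST
# log in this thread, so the example runs offline. Nothing here is invented.
SAMPLE_LOG = r"""
Task: {E32E4068-6543-4CE8-B8F0-D236941F6F0D} - System32\Tasks\{87255B03-7E2F-4586-A114-13DFCD0AF190} => C:\Users\Arthur\Desktop\client.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
HKU\S-1-5-21-2034252377-2309476039-309546250-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Arthur\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
R2 UTSCSI; C:\windows\SysWOW64\UTSCSI.EXE [45056 2014-06-27] () [File not signed]
S3 ESEADriver2; \??\C:\Users\Arthur\AppData\Local\Temp\ESEADriver2.sys [X]
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]
"""

# The three FRST entry shapes this example understands; other lines are ignored.
TASK_RE = re.compile(r"^Task: (?P<name>.+?) => (?P<rest>.+)$")
RUN_RE = re.compile(r"^(?P<hive>\S+)\\Run: \[(?P<name>[^\]]*)\] => (?P<rest>.+)$")
SVC_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<rest>.+)$")

# FRST's trailing annotations after a path: "[size date]" or "[date]",
# "(publisher)" (only when it ends the line or precedes the unsigned flag,
# so "(x86)" inside a path is not mistaken for one), "[File not signed]", "[X]".
ANNOT_RE = re.compile(
    r"(?:^|\s)\[(?P<stamp>(?:\d+ )?\d{4}-\d{2}-\d{2})\]"
    r"|\s\((?P<pub>[^)]*)\)(?=\s\[File not signed\]|$)"
    r"|\s\[(?P<flag>File not signed|X)\]"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")

# Locations a machine-wide task, service or driver has little business in (heuristic).
STRONG_DIRS = ("\\desktop\\", "\\downloads\\", "\\temp\\")
WEAK_DIRS = ("\\appdata\\", "\\users\\")


@dataclass
class Finding:
    kind: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def split_target(rest):
    """Split 'path [size date] (publisher) [flags]' into (path, publisher, flags)."""
    m = ANNOT_RE.search(rest)
    if m is None:
        return rest.strip(), None, set()
    publisher, flags = None, set()
    for am in ANNOT_RE.finditer(rest, m.start()):
        if am.group("pub") is not None:
            publisher = am.group("pub")
        if am.group("flag") is not None:
            flags.add(am.group("flag"))
    return rest[: m.start()].strip(), publisher, flags


def assess(kind, name, path, publisher, flags):
    """Heuristic reasons to look closer; each is a prompt for manual review, not a verdict."""
    reasons = []
    low = path.lower()
    if any(d in low for d in STRONG_DIRS):
        reasons.append("launches from Desktop, Downloads or Temp (user-writable scratch space)")
    elif any(d in low for d in WEAK_DIRS):
        reasons.append("launches from a per-user profile path (legitimate for some updaters)")
    if "X" in flags:
        reasons.append("file missing on disk (orphaned entry)")
    if "File not signed" in flags:
        reasons.append("binary is not Authenticode-signed")
    if publisher == "":
        reasons.append("no publisher/version resource in the file")
    if kind == "task" and GUID_RE.match(name.rsplit("\\", 1)[-1]):
        reasons.append("task registered under a bare GUID instead of a product name")
    return reasons


def triage(log_text):
    """Return findings for task, Run-key, service and driver entries, most reasons first."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for kind, rx in (("task", TASK_RE), ("run", RUN_RE), ("service", SVC_RE)):
            m = rx.match(line)
            if m is None:
                continue
            path, publisher, flags = split_target(m.group("rest"))
            reasons = assess(kind, m.group("name"), path, publisher, flags)
            if reasons:
                findings.append(Finding(kind, m.group("name"), path, reasons))
            break
    findings.sort(key=lambda f: len(f.reasons), reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}\n    {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the two GUID-named tasks pointing at a Desktop `client.exe`, the unsigned `UTSCSI.EXE` service with no publisher, and the missing `ESEADriver2.sys` under Temp come out on top, while Norton and Google Update entries produce nothing. Feed it a full FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace").read())`; the `errors="replace"` matters for logs like this one, where a corrupted Chrome plugin entry carries megabytes of junk bytes.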

#4 BrianDrab (Trusted Helper, Malware Removal, 3,583 posts)

When I click on your link I get an Access Denied message. Can you attach the file instead of pasting it in this post? It's not recommended but in this instance is OK.

 

You can click on the "More Reply Options" button which is next to the Post button. When you do this you will see an Attach Files area.

 

Please let me know.


  • 0

#5 kingkeef (Topic Starter, Member, 29 posts)

EDIT: This file was too big to upload

 

Lol it's nearly 4 MB, what the [bleep]


Edited by kingkeef, 21 August 2014 - 12:50 PM.

  • 0

#6 kingkeef (Topic Starter, Member, 29 posts)

Seems like an extension in Google Chrome is corrupted or something. This is all I see for one of them for about 2000 lines:

Attached Thumbnails

  • Untitled.png

Edited by kingkeef, 21 August 2014 - 12:55 PM.

  • 0

#7 BrianDrab (Trusted Helper, Malware Removal, 3,583 posts)

One of my peers has shown me how to get the file from MediaFire. I'm reviewing it and will be back with you. Thank you!


  • 0

#8 BrianDrab (Trusted Helper, Malware Removal, 3,583 posts)

I just wanted to check in and let you know we are still working on your issue. I did have three questions however.

 

1. Is Chrome your Primary browser that you use?

2. Do you utilize bookmarks in Chrome?

3. Do you use the Windows Live Photo Gallery as far as you know?

 

Please let me know. Lastly I'm going to post your log below since it will be easier to research and provide a better historical record than having it referenced at an external site like MediaFire.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Arthur (administrator) on ARTHUR-PC on 21-08-2014 13:06:40
Running from C:\Users\Arthur\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

 

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\Arthur\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Arthur\AppData\Local\Akamai\netsession_win.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Cisco Consumer Products LLC) C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Windows\SysWOW64\UTSCSI.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLEDService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9437600 2014-07-02] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5315488 2014-07-02] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2034252377-2309476039-309546250-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Arthur\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2034252377-2309476039-309546250-1001\...\Run: [Advanced SystemCare 6] => C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKU\S-1-5-21-2034252377-2309476039-309546250-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1937600 2014-08-13] (Valve Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [246592 2012-05-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [202048 2012-05-15] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
BootExecute: autocheck autochk * sdnclean64.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=LENN&bmod=LENN
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...NN_enUS468US468
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...NN_enUS468US468
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> null\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Users\Arthur\Downloads\null\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFF
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFF [2014-08-19]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2014-08-21]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

 

Chrome:
=======
CHR HomePage: hxxp://google.com/
CHR StartupUrls: "hxxp://google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Windows Liveà <------------these funky characters go on for over 1.8 million characters and would not post so I truncated those Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-01]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-08-13]
CHR Extension: (Google Wallet) - C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx [2013-08-11]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
R2 RaAutoInstSrv_AM10; C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [529024 2010-04-15] (Cisco Consumer Products LLC)
R2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-09-30] (Realtek Semiconductor Corp.) [File not signed]
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32984 2013-07-31] (Razer)
S2 SkypeUpdate; C:\Skype\Updater\Updater.exe [315008 2014-04-03] (Skype Technologies)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
R2 UTSCSI; C:\windows\SysWOW64\UTSCSI.EXE [45056 2014-06-27] () [File not signed]
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AM10; C:\Windows\System32\DRIVERS\am10w7.sys [1101600 2010-03-23] (Ralink Technology Corp.)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-08-01] (Symantec Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-08-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-08-19] (Symantec Corporation)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20140819.001\IDSvia64.sys [525016 2014-08-19] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20140820.002\ENG64.SYS [126040 2014-08-19] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20140820.002\EX64.SYS [2099288 2014-08-19] (Symantec Corporation)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-05-19] (Razer Inc)
S3 RzDxgk; C:\windows\system32\drivers\RzDxgk.sys [128984 2013-07-31] (Razer USA Ltd)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74456 2013-07-31] (Razer USA Ltd)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31400 2014-05-19] (Razer Inc)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-01-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
S3 cpuz135; \??\C:\windows\TEMP\cpuz135\cpuz135_x64.sys [X]
U2 DriverService;
S3 ESEADriver2; \??\C:\Users\Arthur\AppData\Local\Temp\ESEADriver2.sys [X]
U2 IAStorDataMgrSvc;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 Oasis2Service;
U0 Partizan; system32\drivers\Partizan.sys [X]
U2 PCCarerServic;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 SoftwareService;
U2 Stereo Service;
S3 X6va012; \??\C:\windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va017; \??\C:\windows\SysWOW64\Drivers\X6va017 [X]
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-21 13:06 - 2014-08-21 13:11 - 04133552 _____ () C:\Users\Arthur\Desktop\FRST.txt
2014-08-21 13:06 - 2014-08-21 13:05 - 02101760 _____ (Farbar) C:\Users\Arthur\Desktop\FRST64.exe
2014-08-21 13:05 - 2014-08-21 13:06 - 00000000 ____D () C:\FRST
2014-08-21 13:05 - 2014-08-21 13:05 - 02101760 _____ (Farbar) C:\Users\Arthur\Downloads\FRST64.exe
2014-08-20 12:22 - 2014-08-20 12:22 - 00001039 _____ () C:\Users\Arthur\Desktop\JRT.txt
2014-08-20 12:14 - 2014-08-20 12:14 - 00000000 ____D () C:\windows\ERUNT
2014-08-20 12:13 - 2014-08-20 12:13 - 01016261 _____ (Thisisu) C:\Users\Arthur\Downloads\JRT.exe
2014-08-19 20:06 - 2014-08-21 11:30 - 00000392 _____ () C:\windows\setupact.log
2014-08-19 20:06 - 2014-08-19 20:06 - 00000000 _____ () C:\windows\setuperr.log
2014-08-19 20:05 - 2014-08-19 20:05 - 00004122 _____ () C:\windows\PFRO.log
2014-08-19 19:20 - 2014-08-19 19:20 - 89636864 _____ () C:\windows\system32\config\SOFTWARE.iobit
2014-08-19 19:20 - 2014-08-19 19:20 - 05275648 _____ () C:\windows\system32\config\DEFAULT.iobit
2014-08-19 19:20 - 2014-08-19 19:20 - 00032768 _____ () C:\windows\system32\config\SAM.iobit
2014-08-19 19:20 - 2014-08-19 19:20 - 00028672 _____ () C:\windows\system32\config\SECURITY.iobit
2014-08-19 19:13 - 2014-08-19 19:13 - 00000000 ____D () C:\Users\Arthur\AppData\Roaming\Tific
2014-08-19 18:34 - 2014-08-19 18:34 - 00000085 _____ () C:\windows\wininit.ini
2014-08-19 18:30 - 2014-08-19 18:30 - 00000000 ____D () C:\Users\Arthur\AppData\Local\PreEmptive Solutions
2014-08-19 18:06 - 2014-08-19 18:06 - 01696192 _____ (ESET) C:\Users\Arthur\Downloads\eset_nod32_antivirus_live_installer.exe
2014-08-19 17:30 - 2014-08-19 17:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-19 17:29 - 2014-08-19 17:38 - 00000000 ____D () C:\Users\Arthur\Desktop\mbar
2014-08-19 17:28 - 2014-08-19 17:28 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Arthur\Downloads\mbar-1.07.0.1012.exe
2014-08-19 17:20 - 2014-08-19 17:20 - 00602112 _____ (OldTimer Tools) C:\Users\Arthur\Downloads\OTL (1).exe
2014-08-19 17:11 - 2014-08-19 17:11 - 00602112 _____ (OldTimer Tools) C:\Users\Arthur\Downloads\OTL.exe
2014-08-19 16:43 - 2014-08-19 20:05 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-19 16:43 - 2014-08-19 16:43 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-08-19 16:41 - 2014-08-19 16:42 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Arthur\Downloads\spybot-2.4.exe
2014-08-19 16:39 - 2014-08-19 18:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-19 16:39 - 2014-08-19 18:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-19 16:37 - 2014-08-19 16:38 - 16409960 _____ (Safer Networking Limited ) C:\Users\Arthur\Downloads\spybotsd162.exe
2014-08-19 16:30 - 2014-08-19 18:32 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-08-19 16:30 - 2014-08-19 16:32 - 00000000 ____D () C:\Users\Arthur\Documents\RegRun2
2014-08-19 16:30 - 2014-08-19 16:30 - 15790435 _____ () C:\Users\Arthur\Downloads\unhackme.zip
2014-08-19 16:30 - 2014-08-19 16:30 - 00000002 RSHOT () C:\windows\winstart.bat
2014-08-19 16:30 - 2014-08-19 16:30 - 00000002 RSHOT () C:\windows\SysWOW64\CONFIG.NT
2014-08-19 16:30 - 2014-08-19 16:30 - 00000002 RSHOT () C:\windows\SysWOW64\AUTOEXEC.NT
2014-08-19 16:27 - 2014-08-19 16:28 - 00000000 ____D () C:\Users\Arthur\AppData\Local\NPE
2014-08-19 16:27 - 2014-08-19 16:27 - 03077584 ____N (Symantec Corporation) C:\Users\Arthur\Downloads\NPE.exe
2014-08-19 16:10 - 2014-08-19 18:09 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 16:10 - 2014-08-19 17:30 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-19 16:10 - 2014-08-19 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-19 16:10 - 2014-08-19 16:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-19 16:10 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-08-18 15:39 - 2014-08-18 15:39 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Windows Live
2014-08-15 13:17 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-15 13:17 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-15 13:17 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-15 13:17 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-15 13:17 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-15 13:17 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-15 13:16 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-15 13:16 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-15 11:14 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-15 11:14 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-15 11:14 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-15 11:14 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-15 11:14 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-15 11:14 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-15 11:14 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-15 11:14 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-15 11:14 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-15 11:14 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-15 11:14 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-15 11:14 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-15 11:14 - 2014-07-08 18:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-15 11:14 - 2014-07-08 18:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-15 11:13 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-15 11:13 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-15 11:13 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-15 11:13 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-15 11:13 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-15 11:13 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-15 11:13 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-15 11:13 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-15 11:13 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-15 11:13 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-15 11:13 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-15 11:13 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-15 11:13 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-15 11:13 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-15 11:13 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-15 11:13 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-15 11:13 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-15 11:13 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-15 11:13 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-15 11:13 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-15 11:13 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-15 11:13 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-15 11:13 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-15 11:13 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-15 11:13 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-15 11:13 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 11:13 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-15 11:13 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-15 11:13 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-15 11:13 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-15 11:13 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-15 11:13 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-15 11:13 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-15 11:13 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-15 11:13 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-15 11:13 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-15 11:13 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-15 11:13 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-15 11:13 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 11:13 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-15 11:13 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-15 11:13 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-15 11:13 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-15 11:13 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-15 11:13 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-15 11:13 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-15 11:13 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-15 11:13 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-15 11:13 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-15 11:13 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-15 11:13 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-15 11:13 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-15 11:13 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-15 11:13 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-15 11:13 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-15 11:13 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-15 11:13 - 2014-07-15 23:25 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-15 11:13 - 2014-07-15 22:46 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-15 11:13 - 2014-07-15 22:12 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-15 11:13 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-15 11:13 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-15 11:13 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-15 11:13 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-15 11:13 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-15 11:13 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-15 11:13 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-15 11:13 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-15 11:13 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-15 11:13 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-15 11:12 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-15 11:12 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-15 11:12 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-15 11:12 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-03 10:06 - 2014-08-03 10:06 - 00000000 ____D () C:\Users\Arthur\Desktop\Tor Browser
2014-08-03 10:04 - 2014-08-03 10:04 - 27239623 _____ () C:\Users\Arthur\Downloads\torbrowser-install-3.6.3_en-US.exe
2014-08-03 10:03 - 2014-08-03 10:04 - 01010912 _____ (Jitbit Software ) C:\Users\Arthur\Downloads\MacroRecorderSetup.exe
2014-08-03 09:39 - 2014-08-03 09:39 - 00000000 ___RD () C:\Skype
2014-08-03 09:39 - 2014-08-03 09:39 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Skype
2014-08-03 09:39 - 2014-08-03 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-03 09:37 - 2014-08-03 09:37 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Arthur\Downloads\SkypeSetup (1).exe
2014-08-02 18:58 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-02 18:58 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-02 18:58 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-02 18:58 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-02 18:57 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-02 18:57 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-02 18:57 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-02 18:57 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-02 18:57 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-02 18:57 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-02 18:57 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-02 18:57 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-02 18:57 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-02 18:57 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-27 12:11 - 2014-07-27 12:11 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2008
2014-07-27 12:11 - 2014-07-27 12:11 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2008
2014-07-27 11:56 - 2014-07-27 11:56 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010
2014-07-27 11:56 - 2014-07-27 11:56 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010
2014-07-25 13:02 - 2014-07-25 13:02 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Razer_Inc
2014-07-25 12:35 - 2014-07-25 12:35 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2014-07-25 12:34 - 2014-07-25 12:34 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_rzdaendpt_01009.Wdf
2014-07-25 11:55 - 2014-07-25 11:55 - 00000000 ____D () C:\ProgramData\VS
2014-07-25 11:55 - 2014-07-25 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
2014-07-25 11:55 - 2014-07-25 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
2014-07-25 09:40 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-07-25 09:40 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-07-24 12:35 - 2014-07-25 14:15 - 00000040 _____ () C:\Users\Arthur\Desktop\am.txt
2014-07-24 11:21 - 2012-05-15 07:13 - 00144896 _____ (Intel Corporation) C:\windows\system32\IntelOpenCL64.dll
2014-07-24 11:21 - 2012-05-15 06:20 - 00104448 _____ (Intel Corporation) C:\windows\SysWOW64\IntelOpenCL32.dll
2014-07-24 11:17 - 2014-07-24 11:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-07-24 11:17 - 2014-07-24 11:17 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-07-24 11:12 - 2014-07-24 11:13 - 94972064 _____ (Intel® Corporation) C:\Users\Arthur\Downloads\Wireless_16.7.0_s64.exe
2014-07-24 11:12 - 2014-07-24 11:13 - 145417920 _____ (Intel Corporation) C:\Users\Arthur\Downloads\Win64_152822.exe
2014-07-24 10:53 - 2014-07-24 10:53 - 05773824 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 04916224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 01123840 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-07-24 10:53 - 2014-07-24 10:53 - 01048064 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-07-24 10:53 - 2014-07-24 10:53 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-07-24 10:53 - 2014-07-24 10:53 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-07-24 10:53 - 2014-07-24 10:53 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-07-24 10:53 - 2014-07-24 10:53 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys
2014-07-24 10:53 - 2014-07-24 10:53 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2014-07-24 10:53 - 2014-07-24 10:53 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00016896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-24 10:51 - 2013-04-17 20:20 - 00026432 _____ (IObit) C:\windows\system32\RegistryDefragBootTime.exe
2014-07-22 10:20 - 2014-07-22 10:20 - 00000000 __RHD () C:\MSOCache

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 13:11 - 2014-08-21 13:06 - 04133552 _____ () C:\Users\Arthur\Desktop\FRST.txt
2014-08-21 13:10 - 2009-07-14 00:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-21 13:10 - 2009-07-14 00:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-21 13:06 - 2014-08-21 13:05 - 00000000 ____D () C:\FRST
2014-08-21 13:05 - 2014-08-21 13:06 - 02101760 _____ (Farbar) C:\Users\Arthur\Desktop\FRST64.exe
2014-08-21 13:05 - 2014-08-21 13:05 - 02101760 _____ (Farbar) C:\Users\Arthur\Downloads\FRST64.exe
2014-08-21 12:27 - 2012-01-20 20:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-21 12:27 - 2011-11-06 00:11 - 01257863 _____ () C:\windows\WindowsUpdate.log
2014-08-21 12:23 - 2011-11-06 01:00 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-21 11:38 - 2009-07-14 01:13 - 00876932 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-21 11:31 - 2011-11-06 01:00 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-21 11:31 - 2011-11-06 00:50 - 00117617 _____ () C:\windows\system32\fastboot.set
2014-08-21 11:31 - 2011-11-06 00:49 - 01162775 _____ () C:\FaceProv.log
2014-08-21 11:31 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-21 11:30 - 2014-08-19 20:06 - 00000392 _____ () C:\windows\setupact.log
2014-08-20 15:14 - 2012-01-20 22:50 - 00000000 ____D () C:\Users\Arthur\AppData\Local\CrashDumps
2014-08-20 12:22 - 2014-08-20 12:22 - 00001039 _____ () C:\Users\Arthur\Desktop\JRT.txt
2014-08-20 12:14 - 2014-08-20 12:14 - 00000000 ____D () C:\windows\ERUNT
2014-08-20 12:13 - 2014-08-20 12:13 - 01016261 _____ (Thisisu) C:\Users\Arthur\Downloads\JRT.exe
2014-08-20 10:49 - 2012-05-27 15:09 - 00000000 ____D () C:\Users\Arthur\Documents\Youcam
2014-08-20 08:45 - 2009-07-14 00:45 - 00311168 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-19 21:08 - 2012-06-26 17:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-08-19 20:06 - 2014-08-19 20:06 - 00000000 _____ () C:\windows\setuperr.log
2014-08-19 20:05 - 2014-08-19 20:05 - 00004122 _____ () C:\windows\PFRO.log
2014-08-19 20:05 - 2014-08-19 16:43 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-19 19:20 - 2014-08-19 19:20 - 89636864 _____ () C:\windows\system32\config\SOFTWARE.iobit
2014-08-19 19:20 - 2014-08-19 19:20 - 05275648 _____ () C:\windows\system32\config\DEFAULT.iobit
2014-08-19 19:20 - 2014-08-19 19:20 - 00032768 _____ () C:\windows\system32\config\SAM.iobit
2014-08-19 19:20 - 2014-08-19 19:20 - 00028672 _____ () C:\windows\system32\config\SECURITY.iobit
2014-08-19 19:20 - 2012-01-20 18:03 - 00000000 ____D () C:\Users\Arthur
2014-08-19 19:13 - 2014-08-19 19:13 - 00000000 ____D () C:\Users\Arthur\AppData\Roaming\Tific
2014-08-19 18:34 - 2014-08-19 18:34 - 00000085 _____ () C:\windows\wininit.ini
2014-08-19 18:34 - 2014-08-19 16:39 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-19 18:33 - 2014-08-19 16:39 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-19 18:32 - 2014-08-19 16:30 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-08-19 18:30 - 2014-08-19 18:30 - 00000000 ____D () C:\Users\Arthur\AppData\Local\PreEmptive Solutions
2014-08-19 18:09 - 2014-08-19 16:10 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 18:06 - 2014-08-19 18:06 - 01696192 _____ (ESET) C:\Users\Arthur\Downloads\eset_nod32_antivirus_live_installer.exe
2014-08-19 17:38 - 2014-08-19 17:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-19 17:38 - 2014-08-19 17:29 - 00000000 ____D () C:\Users\Arthur\Desktop\mbar
2014-08-19 17:30 - 2014-08-19 16:10 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-19 17:28 - 2014-08-19 17:28 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Arthur\Downloads\mbar-1.07.0.1012.exe
2014-08-19 17:20 - 2014-08-19 17:20 - 00602112 _____ (OldTimer Tools) C:\Users\Arthur\Downloads\OTL (1).exe
2014-08-19 17:11 - 2014-08-19 17:11 - 00602112 _____ (OldTimer Tools) C:\Users\Arthur\Downloads\OTL.exe
2014-08-19 16:43 - 2014-08-19 16:43 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-08-19 16:42 - 2014-08-19 16:41 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Arthur\Downloads\spybot-2.4.exe
2014-08-19 16:38 - 2014-08-19 16:37 - 16409960 _____ (Safer Networking Limited ) C:\Users\Arthur\Downloads\spybotsd162.exe
2014-08-19 16:36 - 2012-02-24 19:15 - 00000000 ___RD () C:\Users\Arthur\Desktop\Unused Desktop Items
2014-08-19 16:32 - 2014-08-19 16:30 - 00000000 ____D () C:\Users\Arthur\Documents\RegRun2
2014-08-19 16:30 - 2014-08-19 16:30 - 15790435 _____ () C:\Users\Arthur\Downloads\unhackme.zip
2014-08-19 16:30 - 2014-08-19 16:30 - 00000002 RSHOT () C:\windows\winstart.bat
2014-08-19 16:30 - 2014-08-19 16:30 - 00000002 RSHOT () C:\windows\SysWOW64\CONFIG.NT
2014-08-19 16:30 - 2014-08-19 16:30 - 00000002 RSHOT () C:\windows\SysWOW64\AUTOEXEC.NT
2014-08-19 16:28 - 2014-08-19 16:27 - 00000000 ____D () C:\Users\Arthur\AppData\Local\NPE
2014-08-19 16:27 - 2014-08-19 16:27 - 03077584 ____N (Symantec Corporation) C:\Users\Arthur\Downloads\NPE.exe
2014-08-19 16:27 - 2012-01-20 18:17 - 00000000 ____D () C:\ProgramData\Norton
2014-08-19 16:10 - 2014-08-19 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-19 16:10 - 2014-08-19 16:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-19 16:10 - 2012-07-12 20:41 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-19 16:10 - 2012-07-12 20:41 - 00000000 ____D () C:\Users\Arthur\AppData\Roaming\Malwarebytes
2014-08-19 16:10 - 2012-07-12 20:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-19 15:36 - 2009-07-14 01:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-08-18 15:39 - 2014-08-18 15:39 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Windows Live
2014-08-17 11:28 - 2011-11-06 01:01 - 00002183 _____ () C:\Users\Public\Desktop\Internet Browser.lnk
2014-08-17 10:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-15 13:32 - 2012-06-26 18:06 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-08-15 13:32 - 2012-06-26 18:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-08-15 13:26 - 2014-07-15 21:54 - 00000000 ____D () C:\windows\system32\MRT
2014-08-15 13:22 - 2012-01-20 18:42 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-15 13:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-15 13:16 - 2014-07-16 12:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-06 22:06 - 2014-08-15 11:12 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-15 11:12 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-05 09:20 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-03 10:45 - 2013-05-07 18:47 - 00000000 ____D () C:\Users\Arthur\AppData\Roaming\Skype
2014-08-03 10:06 - 2014-08-03 10:06 - 00000000 ____D () C:\Users\Arthur\Desktop\Tor Browser
2014-08-03 10:04 - 2014-08-03 10:04 - 27239623 _____ () C:\Users\Arthur\Downloads\torbrowser-install-3.6.3_en-US.exe
2014-08-03 10:04 - 2014-08-03 10:03 - 01010912 _____ (Jitbit Software ) C:\Users\Arthur\Downloads\MacroRecorderSetup.exe
2014-08-03 09:39 - 2014-08-03 09:39 - 00000000 ___RD () C:\Skype
2014-08-03 09:39 - 2014-08-03 09:39 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Skype
2014-08-03 09:39 - 2014-08-03 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-03 09:39 - 2013-05-07 18:47 - 00000000 ____D () C:\ProgramData\Skype
2014-08-03 09:37 - 2014-08-03 09:37 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Arthur\Downloads\SkypeSetup (1).exe
2014-07-31 19:41 - 2014-08-15 11:13 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-31 19:16 - 2014-08-15 11:13 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-27 12:11 - 2014-07-27 12:11 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2008
2014-07-27 12:11 - 2014-07-27 12:11 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2008
2014-07-27 12:09 - 2012-06-26 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
2014-07-27 11:56 - 2014-07-27 11:56 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010
2014-07-27 11:56 - 2014-07-27 11:56 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010
2014-07-27 11:56 - 2012-01-20 18:05 - 00062840 _____ () C:\Users\Arthur\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-25 14:15 - 2014-07-24 12:35 - 00000040 _____ () C:\Users\Arthur\Desktop\am.txt
2014-07-25 13:53 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-07-25 13:06 - 2013-08-11 15:29 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Razer
2014-07-25 13:05 - 2012-01-20 20:53 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-07-25 13:02 - 2014-07-25 13:02 - 00000000 ____D () C:\Users\Arthur\AppData\Local\Razer_Inc
2014-07-25 12:35 - 2014-07-25 12:35 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2014-07-25 12:34 - 2014-07-25 12:34 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_rzdaendpt_01009.Wdf
2014-07-25 12:33 - 2012-01-20 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-07-25 12:20 - 2013-08-11 15:26 - 00000000 ____D () C:\ProgramData\Razer
2014-07-25 12:15 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-07-25 11:55 - 2014-07-25 11:55 - 00000000 ____D () C:\ProgramData\VS
2014-07-25 11:55 - 2014-07-25 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
2014-07-25 11:55 - 2014-07-25 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
2014-07-25 11:55 - 2012-06-26 17:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-07-25 10:52 - 2014-08-15 11:13 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-25 10:02 - 2014-08-15 11:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-25 10:01 - 2014-08-15 11:13 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-25 09:51 - 2014-08-15 11:13 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-25 09:30 - 2014-08-15 11:13 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-25 09:28 - 2014-08-15 11:13 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-25 09:28 - 2014-08-15 11:13 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-25 09:25 - 2014-08-15 11:13 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-25 09:25 - 2014-08-15 11:13 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-25 09:11 - 2014-08-15 11:13 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-25 09:10 - 2014-08-15 11:13 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-25 09:04 - 2014-08-15 11:13 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-25 09:03 - 2014-08-15 11:13 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-25 09:00 - 2014-08-15 11:13 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-25 09:00 - 2014-08-15 11:13 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-25 08:59 - 2014-08-15 11:13 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-25 08:47 - 2014-08-15 11:13 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-25 08:40 - 2014-08-15 11:13 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-25 08:34 - 2014-08-15 11:13 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-25 08:34 - 2014-08-15 11:13 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-25 08:33 - 2014-08-15 11:13 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-25 08:30 - 2014-08-15 11:13 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-25 08:28 - 2014-08-15 11:13 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-25 08:28 - 2014-08-15 11:13 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 08:21 - 2014-08-15 11:13 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-25 08:19 - 2014-08-15 11:13 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-25 08:18 - 2014-08-15 11:13 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-25 08:17 - 2014-08-15 11:13 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-25 08:17 - 2014-08-15 11:13 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-25 08:12 - 2014-08-15 11:13 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-25 08:10 - 2014-08-15 11:13 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-25 08:10 - 2014-08-15 11:13 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-25 08:08 - 2014-08-15 11:13 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-25 08:06 - 2014-08-15 11:13 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-25 07:52 - 2014-08-15 11:13 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-25 07:47 - 2014-08-15 11:13 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-25 07:43 - 2014-08-15 11:13 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 07:42 - 2014-08-15 11:13 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-25 07:39 - 2014-08-15 11:13 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-25 07:39 - 2014-08-15 11:13 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-25 07:36 - 2014-08-15 11:13 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-25 07:34 - 2014-08-15 11:13 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-25 07:29 - 2014-08-15 11:13 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-25 07:23 - 2014-08-15 11:13 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-25 07:13 - 2014-08-15 11:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-25 07:07 - 2014-08-15 11:13 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-25 07:07 - 2014-08-15 11:13 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-25 07:03 - 2014-08-15 11:13 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-25 06:52 - 2014-08-15 11:13 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-25 06:26 - 2014-08-15 11:13 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-25 06:17 - 2014-08-15 11:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-25 06:09 - 2014-08-15 11:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-25 06:05 - 2014-08-15 11:13 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-25 06:00 - 2014-08-15 11:13 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-24 14:40 - 2012-07-13 14:13 - 00000000 ____D () C:\Users\Arthur\AppData\Roaming\SoftGrid Client
2014-07-24 11:28 - 2013-05-24 19:24 - 00000000 ____D () C:\Users\Arthur\Desktop\css
2014-07-24 11:28 - 2012-12-25 18:17 - 00000000 ____D () C:\Users\Arthur\Desktop\CSS stuff (dont delete)
2014-07-24 11:21 - 2011-11-06 00:21 - 00000000 ____D () C:\ProgramData\Intel
2014-07-24 11:21 - 2011-11-06 00:18 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-07-24 11:20 - 2011-11-06 00:19 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-07-24 11:18 - 2014-07-01 12:28 - 00000000 ____D () C:\Program Files\Intel
2014-07-24 11:17 - 2014-07-24 11:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-07-24 11:17 - 2014-07-24 11:17 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-07-24 11:17 - 2014-06-27 13:19 - 00000000 ____D () C:\ProgramData\Intel.sav
2014-07-24 11:15 - 2013-05-24 19:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-24 11:13 - 2014-07-24 11:12 - 94972064 _____ (Intel® Corporation) C:\Users\Arthur\Downloads\Wireless_16.7.0_s64.exe
2014-07-24 11:13 - 2014-07-24 11:12 - 145417920 _____ (Intel Corporation) C:\Users\Arthur\Downloads\Win64_152822.exe
2014-07-24 11:06 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-24 10:56 - 2014-07-15 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 10:56 - 2014-07-15 21:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 10:56 - 2014-07-15 21:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 10:53 - 2014-07-24 10:53 - 05773824 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 04916224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 01123840 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-07-24 10:53 - 2014-07-24 10:53 - 01048064 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-07-24 10:53 - 2014-07-24 10:53 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-07-24 10:53 - 2014-07-24 10:53 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-07-24 10:53 - 2014-07-24 10:53 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-07-24 10:53 - 2014-07-24 10:53 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys
2014-07-24 10:53 - 2014-07-24 10:53 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2014-07-24 10:53 - 2014-07-24 10:53 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00016896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-24 10:53 - 2014-07-24 10:53 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-22 10:20 - 2014-07-22 10:20 - 00000000 __RHD () C:\MSOCache

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-18 13:36

==================== End Of Log ============================


#9 kingkeef (Topic Starter)

I just wanted to check in and let you know we are still working on your issue. I did have three questions however.

1. Is Chrome your Primary browser that you use?

2. Do you utilize bookmarks in Chrome?

3. Do you use the Windows Live Photo Gallery as far as you know?

Please let me know. Lastly I'm going to post your log below since it will be easier to research and provide a better historical record than having it referenced at an external site like MediaFire.

1. Yes

2. Yes, I just have 4 bookmarks though

3. No


Edited by kingkeef, 22 August 2014 - 11:12 AM.

#10 BrianDrab (Trusted Helper, Malware Removal)

I apologize it took so long to get back to you. We do our best. Overall your machine is fairly clean. A few things to fix and check though. I see that you have run many tools and have done many scans; however, I would like to do a couple. Please follow the instructions below.

Step#1 - FRST Fix
 
1. Download the attached file (fixlist.txt, 1.04KB) and save it to the Desktop.
    NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case, the Desktop).

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

Step#2 - Uninstalls

1. I see that you have Advanced SystemCare 6 installed. We don't recommend this program or any registry cleaners/optimizers as they can cause more harm than good. I highly recommend you uninstall this program.

2. Since you don't use Windows Live Photo Gallery, and it appears that its plugin in Chrome may be corrupt, I would like to uninstall this. Please do the following.

    a) Go to Programs and Features (Start...Control Panel...Uninstall a Program)

    b) Select Windows Live Essentials

    c) Click the Uninstall/Change button

    d) Choose "Remove one or more Essentials programs"

    e) Put a check mark in "Photo Gallery and Movie Maker" (if you use Movie Maker we can re-install after everything is working correctly on your machine)

    f) Click Uninstall
 
 
Step#3 - Adware Scan
 
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-Click on AdwCleaner.exe and select Run as administrator to run the tool. Click Yes if asked to allow the program from an unknown publisher.
4. Click I Agree on the Terms of Use screen.
5. Click on Scan.
6. After the scan is complete click on "Clean"
7. Confirm each time with Ok on the messages that follow.
8. Your computer will be rebooted automatically. A text file will open after the restart.
9. Please post the content of that logfile with your next answer.
10. You can find the logfile at C:\AdwCleaner[S0].txt as well.

Step#4 - Questions

1. I see you downloaded and extracted Malwarebytes Anti-Rootkit. Have you run this? If so, on your desktop within the mbar folder you will find a log that begins with mbar-log. Can you post the contents of this?

Items for your next post

1. Contents of the fixlog.

2. Contents of the AdwCleaner log.

3. Provide mbar log if it was run.


#11 kingkeef (Topic Starter)

Will update with logs tomorrow. Haven't been home lol. I can say though that I could tell AS6 was garbage cause now my computer takes longer to boot up (long black screen). Also, I don't have a log for the rootkit because I didn't run it yet. Would you still like me to scan tomorrow after Adw?
#12 BrianDrab (Trusted Helper, Malware Removal)

No problem. Yes that would be great if you could run mbar after Adw. It appears you know what's involved in running it but just in case I'll provide instructions below.

1. Download Malwarebytes Anti-Rootkit to your desktop from here.

2. Right-Click on the file that was downloaded and choose Run as administrator. Answer Yes if prompted to Allow.

3. Click OK at the installer screen that comes up.

4. The software will be extracted and will open.

5. Click Next at the first screen.

6. The Update Database screen will appear. Click the Update button.

7. Once updated, click the Next button.

8. On the Scan System screen, click the Scan button.

9. Once, the Scan is finished, even if rootkits were detected, don't click the Cleanup button. Just exit the program.

10. On your desktop, there will be a folder named mbar. Open this folder and you will find a log that begins with mbar-log-. Please open this file and copy the contents in to your next post.

#13 kingkeef (Topic Starter)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-08-2014 02
Ran by Arthur at 2014-08-24 10:00:19 Run:1
Running from C:\Users\Arthur\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
cmd:sc config windefend start= Disabled
cmd:sc stop windefend
HKLM-x32\...\Run: [] => [X]
C:\Users\Arthur\Desktop\client.exe
Task: {15CFF8A7-51D4-461D-A412-63D0AF4CB137} - System32\Tasks\{152C5CEF-4497-4FBE-B27D-009610D07492} => C:\Users\Arthur\Desktop\client.exe
Task: {4BF20779-225E-40E9-A1E5-63C09C033B41} - System32\Tasks\{70C25F40-DD1B-40B7-80F3-F80D2C11399A} => C:\Users\Arthur\Desktop\client.exe
Task: {B93E2258-20A2-42D5-8553-A5810270ACD8} - System32\Tasks\{1C7A0FF7-6092-4F86-935D-B1724CE91BBE} => C:\Users\Arthur\Desktop\client.exe
Task: {E32E4068-6543-4CE8-B8F0-D236941F6F0D} - System32\Tasks\{87255B03-7E2F-4586-A114-13DFCD0AF190} => C:\Users\Arthur\Desktop\client.exe
Task: {FC67CC6F-7BCC-4C07-A568-F7CB4E076714} - System32\Tasks\{4ADEF459-AD33-4067-BA99-CB0EA95F4BDE} => C:\Users\Arthur\Desktop\client.exe
BootExecute: autocheck autochk * sdnclean64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\Users\Arthur\Downloads\spybotsd162.exe
C:\Users\Arthur\Downloads\spybot-2.4.exe
C:\ProgramData\Spybot - Search & Destroy
EmptyTemp:
*****************
 
 
========= sc config windefend start= Disabled =========
 
[SC] ChangeServiceConfig SUCCESS
 
========= End of CMD: =========
 
 
========= sc stop windefend =========
 
 
SERVICE_NAME: windefend 
        TYPE               : 20  WIN32_SHARE_PROCESS  
        STATE              : 4  RUNNING 
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
 
========= End of CMD: =========
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"C:\Users\Arthur\Desktop\client.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15CFF8A7-51D4-461D-A412-63D0AF4CB137}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15CFF8A7-51D4-461D-A412-63D0AF4CB137}" => Key deleted successfully.
C:\Windows\System32\Tasks\{152C5CEF-4497-4FBE-B27D-009610D07492} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{152C5CEF-4497-4FBE-B27D-009610D07492}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BF20779-225E-40E9-A1E5-63C09C033B41}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BF20779-225E-40E9-A1E5-63C09C033B41}" => Key deleted successfully.
C:\Windows\System32\Tasks\{70C25F40-DD1B-40B7-80F3-F80D2C11399A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{70C25F40-DD1B-40B7-80F3-F80D2C11399A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B93E2258-20A2-42D5-8553-A5810270ACD8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B93E2258-20A2-42D5-8553-A5810270ACD8}" => Key deleted successfully.
C:\Windows\System32\Tasks\{1C7A0FF7-6092-4F86-935D-B1724CE91BBE} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1C7A0FF7-6092-4F86-935D-B1724CE91BBE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E32E4068-6543-4CE8-B8F0-D236941F6F0D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E32E4068-6543-4CE8-B8F0-D236941F6F0D}" => Key deleted successfully.
C:\Windows\System32\Tasks\{87255B03-7E2F-4586-A114-13DFCD0AF190} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{87255B03-7E2F-4586-A114-13DFCD0AF190}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC67CC6F-7BCC-4C07-A568-F7CB4E076714}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC67CC6F-7BCC-4C07-A568-F7CB4E076714}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4ADEF459-AD33-4067-BA99-CB0EA95F4BDE} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4ADEF459-AD33-4067-BA99-CB0EA95F4BDE}" => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2 => Moved successfully.
C:\Users\Arthur\Downloads\spybotsd162.exe => Moved successfully.
C:\Users\Arthur\Downloads\spybot-2.4.exe => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy => Moved successfully.
EmptyTemp: => Removed 207.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

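The fixlog above shows the pattern worth recognising in any FRST log: scheduled tasks with bare GUID names whose action points at an executable on the user's Desktop, plus a Run value with an empty name. The script below is an added example for this thread, not code from FRST or from anyone posting here; it applies those three heuristics (GUID-named task, empty Run value name, autorun target in a user-writable location such as the profile, AppData or Temp) to FRST-style `Task:` and `Run:` lines. The sample log is constructed: the first two Task lines and the empty Run value are copied from the fixlog, the GoogleUpdate and Realtek entries are invented benign controls, and the final steamguard entry is a hypothetical user-profile autorun, not something the thread reports.

```python
"""
Triage FRST-style persistence entries (Task: and Run: lines).

Added example for this thread, not code from FRST or from anyone in the
thread. The heuristics are the example author's: GUID-named scheduled tasks,
Run values with an empty name, and autorun targets that live in a
user-writable location are each worth a closer look, because that is exactly
what the fixlog above removed.
"""
import re
from dataclasses import dataclass, field

# Task: {GUID} - System32\Tasks\<name> => <target>
TASK_RE = re.compile(
    r"^Task:\s*\{(?P<id>[0-9A-Fa-f-]+)\}\s*-\s*System32\\Tasks\\(?P<name>.+?)\s*=>\s*(?P<target>.+?)\s*$"
)
# HKLM\...\Run: [<value name>] => <target>   (also HKLM-x32, HKU\<SID>, RunOnce)
RUN_RE = re.compile(
    r"^(?P<key>HK\S*?\\Run(?:Once)?):\s*\[(?P<name>[^\]]*)\]\s*=>\s*(?P<target>.+?)\s*$"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
USER_WRITABLE_RE = re.compile(r"^[A-Za-z]:\\Users\\|\\AppData\\|\\Temp\\", re.IGNORECASE)
# First executable-looking path in the target, quoted or not; arguments are ignored.
EXE_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|bat|cmd|vbs|js|ps1))"?', re.IGNORECASE
)


@dataclass
class Finding:
    kind: str                 # "task" or "run"
    name: str                 # task name or Run value name
    target: str               # raw text after "=>"
    reasons: list = field(default_factory=list)


def exe_path(target):
    """Return the executable path inside a target string, or None."""
    m = EXE_RE.match(target.strip())
    return m.group("path") if m else None


def assess(kind, name, target):
    """Return the reasons an entry deserves attention (empty list = looks ordinary)."""
    reasons = []
    path = exe_path(target)
    if kind == "task" and GUID_RE.match(name):
        reasons.append("task is named with a bare GUID; installers normally use a descriptive name")
    if kind == "run" and name == "":
        reasons.append("Run value has an empty name")
    if path and USER_WRITABLE_RE.search(path):
        reasons.append(f"target lives in a user-writable location: {path}")
    if path is None and target.strip() == "[X]":
        reasons.append("no file path recorded for the entry (shown as [X])")
    return reasons


def triage(lines):
    """Parse FRST-style lines; return a Finding for every entry with at least one reason."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = TASK_RE.match(line)
        if m:
            kind, name, target = "task", m.group("name"), m.group("target")
        else:
            m = RUN_RE.match(line)
            if not m:
                continue  # not a persistence line this example understands
            kind, name, target = "run", m.group("name"), m.group("target")
        reasons = assess(kind, name, target)
        if reasons:
            findings.append(Finding(kind, name, target, reasons))
    return findings


# Constructed sample: the first two Task lines and the empty Run value are copied
# from the fixlog above; the GoogleUpdate and Realtek entries are invented benign
# controls, and the final steamguard entry is a hypothetical user-profile autorun.
SAMPLE_LOG = r"""
Task: {15CFF8A7-51D4-461D-A412-63D0AF4CB137} - System32\Tasks\{152C5CEF-4497-4FBE-B27D-009610D07492} => C:\Users\Arthur\Desktop\client.exe
Task: {4BF20779-225E-40E9-A1E5-63C09C033B41} - System32\Tasks\{70C25F40-DD1B-40B7-80F3-F80D2C11399A} => C:\Users\Arthur\Desktop\client.exe
Task: {AAAAAAAA-0000-0000-0000-000000000001} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-01] (Google Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-01-20] (Realtek Semiconductor)
HKLM\...\Run: [steamguard] => C:\Users\Arthur\AppData\Roaming\steamguard.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.kind}] {f.name or '<empty>'} => {f.target}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against a full FRST.txt the same way (`triage(open("FRST.txt", encoding="utf-8-sig").read().splitlines())`); the two benign control lines produce no findings, which is the point of the heuristics: vendor tasks in Program Files with descriptive names pass, GUID-named tasks pointing into the profile do not.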
#14 BrianDrab (Trusted Helper, Malware Removal)

Thanks for the log. Don't forget to do Steps#2, #3 & #4 as I need the logs from steps 3 and 4 as well. Thank you.

#15 kingkeef (Topic Starter)

The Adw scan was taking forever for no apparent reason... anyways

# AdwCleaner v3.308 - Report created 24/08/2014 at 11:02:23
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Arthur - ARTHUR-PC
# Running from : C:\Users\Arthur\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [920 octets] - [24/08/2014 10:12:59]
AdwCleaner[R1].txt - [751 octets] - [24/08/2014 10:31:48]
AdwCleaner[R2].txt - [1182 octets] - [24/08/2014 10:47:09]
AdwCleaner[S0].txt - [1109 octets] - [24/08/2014 11:02:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1169 octets] ##########

--

I get this message when running MBAM, before starting the scan (see attached file: abc.png). Not sure what to do.
