Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Frequent BSOD - Suspected Malware [Solved]

BSOD Malware Godawgs

  • This topic is locked This topic is locked

#46
Daniel Christmas Lee

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts

Step #1 Stop Code is Attached as an Image.

 

LOOKS LIKE THE CULPRIT IS SMARTDEFRAG?!

 

Ok ok I will write down the stop code...

 

0x000000c2 (0x000000000000009D, 0x000000000000419, 0x000000000000000, 0xFFFFF880019523F0)

Attached Thumbnails

  • IMG_20140923_220030_035.jpg

Edited by Daniel Christmas Lee, 23 September 2014 - 11:10 PM.

  • 0

Advertisements


#47
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Excellent. This is a good start. SmartDefrag may not be the only cause of your issues however the vendor that makes this software (IOBit) is untrustworthy and deemed a rogue within the Anti-Malware community as a whole. So I suggest we get rid of it and see if your problems persist. At this point I'm assuming you reset Driver Verifier and can boot normally. Please do the following.

 

Step#1 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   153bytes   69 downloads

Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
 
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Now use your machine normally and see if you get the BSOD again. If you do then enable Driver Verifier again and then try to cause the BSOD. So again only do the following steps if you are able to cause a BSOD again working with your machine normally.

 

Step#2 - Enable Driver Verifier

1. Click the Start button, type Verifier and hit enter on the keyboard.

2. Make sure Create custom settings (for code developers) is selected as show below.

     Capture.JPG

 

3. Click Next.

4. Select Select individual settings from a full list.

5. Click Next.

6. Check all of the options except "Force pending I/O requests" and "Low resources simulation" as shown below.

     Check.JPG

 

7. Click Next.

8. Choose Select driver names from a list. It may take a couple minutes to load the next screen.

9. Select all the drivers on this screen, except those that say Microsoft Corporation under Provider. It’s very unlikely a Microsoft driver is causing the issue. You can click on the Provider column header to sort and make this a little easier.

10. Click Finish.

11. Reboot your machine when prompted.

 

Note: Windows will place extra stress on your drivers so you may notice that your machine is a little less responsive at times but this is normal while we are doing this. The goal is to cause the BSOD that you have been getting. This time when the BSOD happens we should get more information that hopefully pinpoints the culprit.

 

 

Step#3 - Once you get the BSOD

1. Right-click on BlueScreenView.exe which should still be on your desktop and select Run as administrator. If prompted to Allow, please answer yes.
2. Once the program opens and finishes scanning, click on the Edit menu and choose Select All.
3. Then click on the file menu...Save selected Items...and save it to your desktop named BSOD.txt. Overwrite the BSOD.txt that is already there if prompted.
4. Open the BSOD.txt file in notepad (you can simply double-click on the file from the desktop to do this) and copy/paste the contents of this in your next reply.

 

 

   

 

Items for your next Post

1. FRST Fix List


  • 0

#48
Daniel Christmas Lee

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts

Step #1

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2014
Ran by DLee at 2014-09-24 21:11:43 Run:5
Running from E:\Users\DLee\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
C:\Windows\System32\Drivers\SmartDefragDriver.sys
Reboot:
*****************

SmartDefragDriver => Service stopped successfully.
SmartDefragDriver => Service deleted successfully.
C:\Windows\System32\Drivers\SmartDefragDriver.sys => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

 

What is more annoying than BSOD is the constant Windows Explorer has stopped working...


Edited by Daniel Christmas Lee, 24 September 2014 - 10:16 PM.

  • 0

#49
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

We'll look at that too. Let me know how both the BSOD and Windows Explorer issue go with SmartDefrag gone.


  • 0

#50
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

How have things been going? Any more Blue Screens? Any more Explorer crashes?


  • 0

#51
Daniel Christmas Lee

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts

I haven't had time to use my home computer thoroughly because of work. I'll report back Sunday.


  • 0

#52
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts
No problem at all. I know how work goes!
  • 0

#53
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#54
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Topic re-opened per OP's request...
  • 0

#55
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Welcome back. I don't mind assisting you but please try to stick with me until we resolve your issue. Since I haven't heard the results from my last post please do the following.

 

Step#1 - Previous Steps

1. Please follow the steps from my last post here.

 

Step#2 - Fresh Logs

 
1. Right click on FRST64.exe and select Run as administrator. When it opens it will check to see if there is an update to the program and if so it will auto-update. Give it a minute before moving on. 
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check this log will be created as well. Please copy and paste this log as well.

 

  

 

Items for next post

1. FRST Fix log from previous post

2. New FRST and Addition logs


  • 0

Advertisements


#56
Daniel Christmas Lee

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts

I don't really know what you mean about the FRST Fix Log from previous post. I think I over wrote it, but isn't it in the thread?

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-10-2014 01
Ran by DLee (administrator) on ARMOR on 02-10-2014 07:39:47
Running from E:\Users\DLee\Desktop
Loaded Profile: DLee (Available profiles: DLee)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
() E:\Program Files (x86)\ASUS\ASWLCCSVC.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Windows\SysWOW64\PSIService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ASUSTeK Computer Inc.) E:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTeK Computer Inc.) E:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [QFan Help] => E:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe [888960 2010-03-25] (ASUSTeK Computer Inc.)
HKU\S-1-5-21-80866519-203923749-430787433-1000\...\MountPoints2: {07ca8828-3f49-11e2-9ee4-bcaec54ce1d6} - H:\MotoCastSetup.exe -a
HKU\S-1-5-21-80866519-203923749-430787433-1000\...\MountPoints2: {41189d8f-0438-11e2-98c9-f7d387e36a36} - H:\MotoCastSetup.exe -a
HKU\S-1-5-21-80866519-203923749-430787433-1000\...\MountPoints2: {726e2053-07a8-11e2-b8b6-bcaec54ce1d6} - F:\Setup.exe
HKU\S-1-5-21-80866519-203923749-430787433-1000\...\MountPoints2: {c0634394-38f0-11e3-8f55-bcaec54ce1d6} - H:\MotoCastSetup.exe -a
ShellIconOverlayIdentifiers: [01ElephantIconOverlay] -> {AFA39CBB-DF66-47f9-A047-47ED25FE655E} => E:\Program Files (x86)\ElephantDrive\ElephantDrive\IconOverlay-64bit.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [02ElephantIconOverlay] -> {1E519A85-494E-4706-AC87-1CC8BB9CC5DA} => E:\Program Files (x86)\ElephantDrive\ElephantDrive\IconOverlay-64bit.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [03ElephantIconOverlay] -> {0E2DD711-458A-4b39-8211-3F5FDAA0539E} => E:\Program Files (x86)\ElephantDrive\ElephantDrive\IconOverlay-64bit.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [04ElephantIconOverlay] -> {2E28D71B-2733-46CD-B61B-49926AC3FD6F} => E:\Program Files (x86)\ElephantDrive\ElephantDrive\IconOverlay-64bit.dll (TODO: <Company name>)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x38B84B00BBF3CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> E:\Program Files\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel
FF DefaultSearchEngine: Answers.com
FF SelectedSearchEngine: Answers.com
FF Homepage: https://Google.com
FF Keyword.URL: hxxp://www.google.com/search?q=
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> E:\PROGRA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> E:\Users\DLee\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> E:\Users\DLee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> E:\Users\DLee\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> E:\Users\DLee\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: E:\Users\DLee\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\searchplugins\answerscom.xml
FF SearchPlugin: E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\searchplugins\espn.xml
FF SearchPlugin: E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\searchplugins\facebook.xml
FF SearchPlugin: E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\searchplugins\mozilla-add-ons.xml
FF SearchPlugin: E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\searchplugins\weathercom.xml
FF SearchPlugin: E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\searchplugins\yahoo-answers.xml
FF Extension: Show Picture - E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\Extensions\[email protected] [2014-08-24]
FF Extension: Multi Links - E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\Extensions\[email protected] [2014-08-24]
FF Extension: Define Word - E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\Extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d} [2014-08-24]
FF Extension: Print/Print Preview - E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1} [2014-08-24]
FF Extension: Old Location Bar - E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\Extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0} [2014-08-24]
FF Extension: oldbar - E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\Extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb} [2014-08-24]
FF Extension: Gmail Manager - E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7} [2014-08-24]
FF Extension: DownloadHelper - E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-24]
FF Extension: Block site - E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2014-10-01]
FF Extension: Add to Amazon Wish List Button - E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\Extensions\[email protected] [2014-08-24]
FF Extension: Element Hiding Helper for Adblock Plus - E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\Extensions\[email protected] [2014-08-24]
FF Extension: Save Images - E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\Extensions\[email protected] [2014-08-24]
FF Extension: Restart Button - E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\Extensions\[email protected] [2014-08-24]
FF Extension: Save File to - E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\Extensions\[email protected] [2014-08-24]
FF Extension: Status-4-Evar - E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\Extensions\[email protected] [2014-08-24]
FF Extension: Status-bar Scientific Calculator - E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\Extensions\[email protected] [2014-08-24]
FF Extension: Session Manager - E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-08-24]
FF Extension: Image Zoom - E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-08-24]
FF Extension: Download Status Bar - E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-08-24]
FF Extension: Adblock Plus - E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-24]
FF Extension: Tab Mix Plus - E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tlw3ic70.Daniel\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-08-24]
FF StartMenuInternet: FIREFOX.EXE - E:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR DefaultSearchURL: Default -> https://www.google.c...r/render?cid=%s
CHR Profile: E:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - E:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (YouTube) - E:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-30]
CHR Extension: (Google Search) - E:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-30]
CHR Extension: (LastPass: Free Password Manager) - E:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-08-29]
CHR Extension: (YouTube Downloader: MP3 / HD Video Download) - E:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkeahicimadnjhdamcladhobabaafbg [2012-07-24]
CHR Extension: (Google Wallet) - E:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Media Player) - E:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofgcaekibnhngdlffnlaknlciggicekp [2012-07-24]
CHR Extension: (SiteBlock) - E:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2014-10-01]
CHR Extension: (Gmail) - E:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-08-11] (Advanced Micro Devices, Inc.) [File not signed]
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [109056 2010-06-24] () [File not signed]
R2 ASWLCCSvc; E:\Program Files (x86)\ASUS\ASWLCCSVC.exe [172032 2009-05-21] () [File not signed]
S3 ElephantDrive-MappedDrive.exe; E:\Program Files (x86)\ElephantDrive\ElephantDrive\ElephantDrive-MappedDrive.exe [125136 2012-08-13] (ElephantDrive)
S3 ElephantDrive-Service.exe; E:\Program Files (x86)\ElephantDrive\ElephantDrive\ElephantDrive-Service.exe [125136 2012-08-13] (ElephantDrive)
R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 SkypeUpdate; E:\Program Files (x86)\Updater\Updater.exe [315008 2014-04-03] (Skype Technologies)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
S3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER)
R3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-09-03] (Brother Industries Ltd.)
S3 BUSB_AUDIO_WDM; C:\Windows\System32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER)
S3 Cam5603D; C:\Windows\System32\Drivers\BisonCam.sys [739760 2007-04-23] (Bison Electronics. Inc. )
R3 clwvd6; C:\Windows\System32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
S3 cpuz136; E:\Users\DLee\PC WIZARD 2013\pcwiz_x64.sys [25320 2013-08-24] (CPUID)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2012-09-26] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [45752 2009-10-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50; C:\Windows\SysWOW64\Drivers\PCASp50.sys [45752 2009-10-28] (Printing Communications Assoc., Inc. (PCAUSA))
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 cpuz135; \??\E:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X]
S3 ESEADriver2; \??\E:\Users\DLee\AppData\Local\Temp\ESEADriver2.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 PCANDIS4; \??\E:\PROGRA~1\Ugutil\program\PCANDIS4.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 22:19 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 22:19 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-23 22:11 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 22:11 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-21 13:32 - 2014-09-21 13:32 - 00288329 ____N () C:\Windows\Minidump\092114-19780-01.dmp
2014-09-21 11:40 - 2014-09-20 20:12 - 00000035 _____ () C:\Windows\system32\Drivers\etc\hosts.20140921-114022.backup
2014-09-19 12:18 - 2014-09-19 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-19 12:18 - 2014-09-19 12:18 - 00000000 ____D () C:\Program Files (x86)\Skype
2014-09-14 11:25 - 2014-09-14 11:25 - 00000000 ___DC () C:\TDSSKiller_Quarantine
2014-09-13 12:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-11 21:43 - 2014-10-02 07:39 - 00000000 ___DC () C:\FRST
2014-09-10 00:02 - 2014-08-18 15:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 00:02 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 00:01 - 2014-08-19 11:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 00:01 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 00:01 - 2014-08-18 16:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 00:01 - 2014-08-18 15:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 00:01 - 2014-08-18 15:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 00:01 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 00:01 - 2014-08-18 15:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 00:01 - 2014-08-18 15:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 00:01 - 2014-08-18 15:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 00:01 - 2014-08-18 15:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 00:01 - 2014-08-18 15:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 00:01 - 2014-08-18 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 00:01 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 00:01 - 2014-08-18 15:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 00:01 - 2014-08-18 15:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 00:01 - 2014-08-18 15:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 00:01 - 2014-08-18 15:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 00:01 - 2014-08-18 15:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 00:01 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 00:01 - 2014-08-18 14:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 00:01 - 2014-08-18 14:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 00:01 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 00:01 - 2014-08-18 14:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 00:01 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 00:01 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 00:01 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 00:01 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 00:01 - 2014-08-18 14:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 00:01 - 2014-08-18 14:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 00:01 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 00:01 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 00:01 - 2014-08-18 14:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 00:01 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 00:01 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 00:01 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 00:01 - 2014-08-18 14:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 00:01 - 2014-08-18 14:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 00:01 - 2014-08-18 14:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 00:01 - 2014-08-18 14:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 00:01 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 00:01 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 00:01 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 00:01 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 00:01 - 2014-08-18 14:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 00:01 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 00:01 - 2014-08-18 14:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 00:01 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 00:01 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 00:01 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 00:01 - 2014-08-18 13:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 00:01 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 00:01 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 00:01 - 2014-08-18 13:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 00:01 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-09 23:59 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-09 23:59 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 23:58 - 2014-09-04 19:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-09 23:58 - 2014-09-04 19:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-09 23:58 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-09 23:58 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-09 23:58 - 2014-07-06 19:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-09 23:58 - 2014-07-06 19:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 23:58 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-09 23:58 - 2014-07-06 18:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-09 23:58 - 2014-07-06 18:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-09 23:58 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-09 23:58 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-07 15:04 - 2014-09-07 15:04 - 00001156 _____ () C:\Windows\system32\cmd.exe - Shortcut.lnk
2014-09-07 13:55 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2014-09-06 21:32 - 2014-09-07 22:38 - 00000624 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-09-06 19:13 - 2014-09-06 19:13 - 00288329 _____ () C:\Windows\Minidump\090614-17160-01.dmp
2014-09-06 01:54 - 2014-09-06 01:54 - 00358329 _____ () C:\Windows\Minidump\090614-14554-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-02 07:38 - 2009-07-13 21:45 - 00022592 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-02 07:38 - 2009-07-13 21:45 - 00022592 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-02 07:35 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-02 07:34 - 2012-09-21 03:41 - 01517226 _____ () C:\Windows\WindowsUpdate.log
2014-10-02 07:31 - 2014-02-25 16:43 - 00037984 _____ () C:\Windows\setupact.log
2014-10-02 07:31 - 2012-09-24 20:21 - 00000000 ____D () C:\Temp
2014-10-02 07:31 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-01 23:49 - 2014-08-18 15:06 - 00000536 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-80866519-203923749-430787433-1000.job
2014-10-01 23:29 - 2012-09-21 15:16 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000UA.job
2014-10-01 23:23 - 2014-08-12 11:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-01 22:37 - 2012-09-21 17:23 - 00243982 _____ () C:\Windows\PFRO.log
2014-10-01 22:29 - 2012-09-21 15:16 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000Core.job
2014-09-30 00:41 - 2012-12-12 23:21 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000UA.job
2014-09-27 03:08 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-24 22:02 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-09-21 23:42 - 2012-09-22 11:56 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 19:12 - 2012-12-12 23:21 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000Core.job
2014-09-21 13:33 - 2011-03-19 21:12 - 00000000 ____D () E:\Users\DLee
2014-09-21 13:32 - 2012-09-21 15:24 - 00000000 ____D () C:\Windows\Minidump
2014-09-21 11:40 - 2009-07-13 19:34 - 00449923 ____R () C:\Windows\system32\Drivers\etc\hosts.20141001-222953.backup
2014-09-20 20:55 - 2012-09-21 03:56 - 00089192 _____ () C:\Users\DLee\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-20 20:47 - 2009-07-13 21:45 - 04968536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-20 20:09 - 2012-11-05 12:07 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-19 12:18 - 2014-08-26 20:22 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-19 12:18 - 2012-12-13 14:34 - 00000000 ____D () C:\ProgramData\Skype
2014-09-16 07:35 - 2013-03-16 16:37 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-16 07:35 - 2013-03-16 16:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-15 21:26 - 2014-08-18 15:06 - 00003558 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-80866519-203923749-430787433-1000
2014-09-14 23:37 - 2012-09-24 23:34 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-09-14 22:40 - 2012-09-24 23:32 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-14 11:39 - 2014-08-12 11:01 - 00000786 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-14 11:39 - 2014-08-12 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-12 22:33 - 2012-09-24 23:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 00:00 - 2012-09-22 11:55 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-10 00:00 - 2012-09-22 11:53 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 00:00 - 2012-09-22 11:53 - 00002120 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-10 00:00 - 2012-09-22 11:53 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 00:00 - 2012-09-22 11:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-09 23:59 - 2014-04-22 11:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-07 15:33 - 2013-06-24 16:09 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2014-09-07 12:26 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-09-06 21:48 - 2012-10-26 21:47 - 00001747 _____ () C:\Users\Public\Desktop\Sonos.lnk
2014-09-06 21:48 - 2012-10-26 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 08:25

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-10-2014 01
Ran by DLee at 2014-10-02 07:40:16
Running from E:\Users\DLee\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.57 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
AI Suite (HKLM-x32\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.06.20 - )
Aimersoft DRM Media Converter(Build 1.4.7.2) (HKLM-x32\...\Aimersoft DRM Media Converter_is1) (Version:  - Aimersoft Software)
AMD Accelerated Video Transcoding (Version: 13.30.100.40811 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0811.2303.39561 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5A53DBA6-9B15-450F-EDF3-C01E12E9C61F}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2014.0811.2303.39561 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81008.0920 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
ASUS USB2.0 Webcam (HKLM-x32\...\{4A57592C-FF92-4083-97A9-92783BD5AFB4}) (Version: 6.96.2.2a - ASUS USB2.0 Webcam)
ASUS WLAN Card Utilities/Driver (HKLM-x32\...\{8F722FA9-B994-4C9B-B292-FD32D6206EDF}) (Version: 4.3.1.0 - ASUS)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 7 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
BEHRINGER USB AUDIO DRIVER (HKLM\...\USB_AUDIO_DEusb-audio.deBehringer2902) (Version:  - )
Brother MFL-Pro Suite MFC-440CN (HKLM-x32\...\{7E48AFD3-F28A-4E54-99A8-9F3A4A27DBC4}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0811.2303.39561 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0811.2303.39561 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0811.2303.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0811.2303.39561 - Advanced Micro Devices, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version:  - )
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.001.0000 - Corel Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - )
CyberLink YouCam 6 (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2326.0 - CyberLink Corp.)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{42CBCE27-DE9B-4094-B9EB-D4C4C135FFA8}) (Version:  - Microsoft)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
ElephantDrive (HKLM-x32\...\{6B4990B0-BE17-4B48-BA38-A8EE35E09EE1}) (Version: 5.1.0 - ElephantDrive)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FastStone Image Viewer 4.9 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.9 - FastStone Soft)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
GoToMeeting 6.4.2.1669 (HKCU\...\GoToMeeting) (Version: 6.4.2.1669 - CitrixOnline)
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Magic Online (HKLM-x32\...\{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}) (Version: 3.00.0000 - Wizards of the Coast)
Magic Set Editor 2.0.0 (HKLM-x32\...\Magic Set Editor 2_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
MPC-HC 1.7.5 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.5 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Controller Editor (Version: 1.5.1.1124 - Native Instruments) Hidden
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (Version: 5.1.1.2673 - Native Instruments) Hidden
Native Instruments Guitar Rig Mobile I/O (HKLM-x32\...\Native Instruments Guitar Rig Mobile I/O) (Version:  - Native Instruments)
Native Instruments Guitar Rig Mobile I/O (Version: 3.0.0.625 - Native Instruments) Hidden
Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version:  - Native Instruments)
Native Instruments Guitar Rig Session I/O (Version: 3.0.0.625 - Native Instruments) Hidden
Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version:  - Native Instruments)
Native Instruments Rig Kontrol 3 (Version: 3.0.0.625 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Native Instruments Service Center (Version: 2.3.2.926 - Native Instruments) Hidden
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6037 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.0095 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 27.2.79231 - Sonos, Inc.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Star Trek Online (HKLM-x32\...\Steam App 9900) (Version:  - Cryptic Studios)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
STO Keybinds (HKCU\...\bdb72a49df691b00) (Version: 1.0.0.105 - Federation Emergency Services)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Walking Dead 400 Days (HKLM-x32\...\VGhlV2Fsa2luZ0RlYWQ=_is1) (Version: 1 - )
TurboV EVO (HKLM-x32\...\{491D92A9-69CA-4EB4-81D3-0106F9337957}) (Version: 1.02.32 - )
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{AC36E3B7-5095-43B9-9A74-928420F88714}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{3E381AC3-30C3-41D7-9B27-B3F3E17BDCB8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition (HKLM\...\{90140000-006E-0409-1000-0000000FF1CE}_Office14.SingleImage_{D9CF6D64-9342-4C83-A9C1-F45DE139F2A7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{A6C194EA-C6CB-4314-9E43-AD1F4A1E9D74}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition (HKLM\...\{90140000-00A1-0409-1000-0000000FF1CE}_Office14.SingleImage_{8D07F876-D93A-4CF7-B801-1D41AB2BF60B}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{1C381677-BE03-49CC-AFCA-242AA6094621}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{1C381677-BE03-49CC-AFCA-242AA6094621}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{0B6EF241-90CC-4AC7-B36F-2EECB12E61CF}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{4C975BB2-B3EE-4F66-A8E7-5C917B7C439D}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7861C766-2AA2-4A50-AB75-A57D451CEA76}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E1757044-ECB2-4551-B1D5-5E39F7E109CE}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
VirtuaGirl version 1.2.0.34 (HKCU\...\VirtuaGirl_is1) (Version: 1.2.0.34 - Totem Entertainment)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-80866519-203923749-430787433-1000_Classes\CLSID\{18707c5c-c2e7-4ff1-94af-2ee9807e6f0d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-80866519-203923749-430787433-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> E:\Users\DLee\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-80866519-203923749-430787433-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-80866519-203923749-430787433-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> E:\Users\DLee\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-80866519-203923749-430787433-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> E:\Users\DLee\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-80866519-203923749-430787433-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> E:\Users\DLee\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

15-09-2014 05:37:20 Removed Adobe Acrobat X Pro - English, Français, Deutsch.
15-09-2014 05:41:21 Removed Adobe Help Manager
15-09-2014 05:41:46 Removed Adobe Widget Browser
15-09-2014 05:42:48 Removed NVIDIA PhysX
15-09-2014 05:43:22 Removed Amazon Music Importer
15-09-2014 06:31:10 Installed Adobe Acrobat X Pro - English, Français, Deutsch.
18-09-2014 03:03:37 Windows Update
21-09-2014 03:07:55 Removed Adobe Acrobat X Pro - English, Français, Deutsch.
21-09-2014 03:13:24 Windows Update
21-09-2014 20:31:34 Spybot-S&D Spyware removal
24-09-2014 05:11:50 Windows Update
27-09-2014 10:19:23 Windows Update
01-10-2014 05:19:51 Windows Update
02-10-2014 05:07:08 Spybot-S&D Spyware removal
02-10-2014 06:34:59 Spybot-S&D Spyware removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-10-01 22:29 - 00449923 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {12DD8DC0-5E66-4EE3-A2DC-F18B37838C6D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {1F550FD6-77E7-43B4-A065-0580279D7D56} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000UA => E:\Users\DLee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20] (Google Inc.)
Task: {457FFDE4-41D6-4490-9098-4E19EFB7CECA} - System32\Tasks\ASUS\TurboVHelp => E:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe [2010-07-07] (ASUSTeK Computer Inc.)
Task: {654C4496-63F8-4B24-B1AF-0D1E9C17E5B2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Device Center\itype.exe
Task: {68216C4C-76D1-41DE-BE35-AF271E487178} - System32\Tasks\G2MUpdateTask-S-1-5-21-80866519-203923749-430787433-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\1669\g2mupdate.exe [2014-09-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {688DAE9A-11EE-4AC1-A58E-E062C350A523} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000UA => E:\Users\DLee\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {785E5907-EF25-4383-AE4F-F6AEE72BDC12} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {8DFBEFC3-E3B3-4200-AB6A-A10815F1CDB2} - System32\Tasks\ASUS\ASUS Update Checker => E:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {8EAC7C11-D6DF-4E65-8F69-036CC7FDA474} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.05\AsLoader.exe [2010-01-13] (ASUSTeK Computer Inc.)
Task: {8FEBC456-05EA-4261-A5B0-1485F92A5D85} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000Core => E:\Users\DLee\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {A1523DAA-D60F-45DC-942B-97EC5F4DA7EE} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {A5028A0D-104D-4B7E-A8AD-303BCD76F8EC} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {A77C337D-61C6-4371-B9EE-CA2F497402B0} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Device Center\ipoint.exe
Task: {B037A57E-5898-43F1-A757-2EFCE5C48B17} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {C224EC8E-93C0-45CB-A895-9EFCBF4F4E38} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000Core => E:\Users\DLee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20] (Google Inc.)
Task: {CE1CF273-A82D-480C-9A54-34F07C873E1D} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {E6342053-AE33-49BB-BA3E-6C0CB85334C1} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {EB8BC2C2-A0CC-48E8-8CC6-67C4673F404A} - System32\Tasks\{8D7A625B-87B7-4AF2-A334-F321F8D0A824} => Firefox.exe http://www.skype.com...8;LastError=404
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000Core.job => E:\Users\DLee\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000UA.job => E:\Users\DLee\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-80866519-203923749-430787433-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\1669\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000Core.job => E:\Users\DLee\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000UA.job => E:\Users\DLee\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-11 23:06 - 2014-08-11 23:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-09-23 22:15 - 2010-06-24 14:19 - 00109056 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
2013-02-11 00:07 - 2009-05-21 16:09 - 00172032 _____ () E:\Program Files (x86)\ASUS\ASWLCCSVC.exe
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2012-07-25 00:23 - 2012-07-25 00:23 - 00886784 _____ () E:\Program Files (x86)\ElephantDrive\ElephantDrive\RightClickMenu-64bit.dll
2013-10-31 08:05 - 2013-10-31 08:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2012-09-25 23:39 - 2010-02-08 17:19 - 00053248 _____ () E:\Program Files\ASUS\TurboV EVO\HookKey32.dll
2012-09-25 23:39 - 2010-06-01 10:38 - 00253952 _____ () E:\Program Files\ASUS\TurboV EVO\pngio.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\07882783.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\40260784.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42424843.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\54535701.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\07882783.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\40260784.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42424843.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\54535701.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Shortcut to ElephantDrive.exe.lnk => C:\Windows\pss\Shortcut to ElephantDrive.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Status Monitor.lnk => C:\Windows\pss\Status Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: E:^Users^DLee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.lnk => C:\Windows\pss\DesktopVideoPlayer.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Akamai NetSession Interface => "E:\Users\DLee\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: Control Center => E:\Program Files (x86)\ASUS\CenterAgent.exe
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: DAEMON Tools Lite => "E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Facebook Update => "E:\Users\DLee\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "E:\Users\DLee\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: QuickTime Task => "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "E:\Program Files (x86)\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "U:\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TurboV EVO => "E:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
MSCONFIG\startupreg: YouCam Service6 => "E:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe" /s

========================= Accounts: ==========================

Administrator (S-1-5-21-80866519-203923749-430787433-500 - Administrator - Disabled)
DLee (S-1-5-21-80866519-203923749-430787433-1000 - Administrator - Enabled) => E:\Users\DLee
Guest (S-1-5-21-80866519-203923749-430787433-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-80866519-203923749-430787433-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/01/2014 10:29:29 PM) (Source: MsiInstaller) (EventID: 11714) (User: ARMOR)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (09/30/2014 10:29:20 PM) (Source: MsiInstaller) (EventID: 11714) (User: ARMOR)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (09/30/2014 00:30:02 AM) (Source: MsiInstaller) (EventID: 11714) (User: ARMOR)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (09/28/2014 09:29:55 PM) (Source: MsiInstaller) (EventID: 11714) (User: ARMOR)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (09/27/2014 02:12:20 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (09/27/2014 00:29:50 PM) (Source: MsiInstaller) (EventID: 11714) (User: ARMOR)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (09/27/2014 03:29:55 AM) (Source: MsiInstaller) (EventID: 11714) (User: ARMOR)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (09/26/2014 08:29:52 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (09/26/2014 08:29:43 AM) (Source: MsiInstaller) (EventID: 11714) (User: ARMOR)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (09/25/2014 10:29:41 PM) (Source: MsiInstaller) (EventID: 11714) (User: ARMOR)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.


System errors:
=============
Error: (10/02/2014 07:31:02 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (10/01/2014 11:58:59 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (10/01/2014 10:37:24 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (10/01/2014 09:42:06 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (10/01/2014 07:55:16 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (09/30/2014 10:15:06 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (09/29/2014 11:32:19 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (09/28/2014 09:03:48 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (09/27/2014 00:01:05 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (09/27/2014 03:07:56 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.


Microsoft Office Sessions:
=========================
Error: (10/01/2014 10:29:29 PM) (Source: MsiInstaller) (EventID: 11714) (User: ARMOR)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/30/2014 10:29:20 PM) (Source: MsiInstaller) (EventID: 11714) (User: ARMOR)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/30/2014 00:30:02 AM) (Source: MsiInstaller) (EventID: 11714) (User: ARMOR)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/28/2014 09:29:55 PM) (Source: MsiInstaller) (EventID: 11714) (User: ARMOR)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/27/2014 02:12:20 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*e:\program files (x86)\spybot - search & destroy\DelZip179.dlle:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (09/27/2014 00:29:50 PM) (Source: MsiInstaller) (EventID: 11714) (User: ARMOR)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/27/2014 03:29:55 AM) (Source: MsiInstaller) (EventID: 11714) (User: ARMOR)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/26/2014 08:29:52 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*e:\program files (x86)\spybot - search & destroy\DelZip179.dlle:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (09/26/2014 08:29:43 AM) (Source: MsiInstaller) (EventID: 11714) (User: ARMOR)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/25/2014 10:29:41 PM) (Source: MsiInstaller) (EventID: 11714) (User: ARMOR)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2014-09-07 14:14:32.621
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\PROGRA~1\Ugutil\program\PCANDIS4.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-07 14:14:32.558
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\PROGRA~1\Ugutil\program\PCANDIS4.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-07 14:14:32.496
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\PROGRA~1\Ugutil\program\PCANDIS4.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-07 14:14:32.433
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\PROGRA~1\Ugutil\program\PCANDIS4.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-07 14:13:36.448
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\PROGRA~1\Ugutil\program\PCANDIS4.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-07 14:13:36.370
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\PROGRA~1\Ugutil\program\PCANDIS4.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-07 14:13:36.307
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\PROGRA~1\Ugutil\program\PCANDIS4.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-07 14:13:36.245
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\PROGRA~1\Ugutil\program\PCANDIS4.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-07 14:10:37.255
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\PROGRA~1\Ugutil\program\PCANDIS4.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-07 14:10:37.193
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\PROGRA~1\Ugutil\program\PCANDIS4.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Phenom™ II X6 1075T Processor
Percentage of memory in use: 10%
Total physical RAM: 16382.14 MB
Available physical RAM: 14705.21 MB
Total Pagefile: 49144.61 MB
Available Pagefile: 47461.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:59.62 GB) (Free:22.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Old C) (Fixed) (Total:465.65 GB) (Free:285.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive e: detected.
Drive g: (Phantom G) (Fixed) (Total:465.76 GB) (Free:260.19 GB) NTFS
Drive k: (Phantom K) (Fixed) (Total:465.76 GB) (Free:264.53 GB) NTFS
Drive u: (Unique) (Fixed) (Total:931.51 GB) (Free:354.5 GB) NTFS
Drive x: (Falcon X) (Fixed) (Total:465.86 GB) (Free:272.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F72B7564)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 9A4048C5)
Partition 1: (Active) - (Size=59.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BAA5BAA5)
Partition 1: (Active) - (Size=465.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: F87B4C9A)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 465.8 GB) (Disk ID: 000098EC)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#57
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

No problem, I do see the fixlog thank you. Please follow the instructions below.

 

Step#1 - JRT

 

Note: Please disable your Antivirus Software before doing Step#1. Info on how to do this is here.

1. Download Junkware Removal Tool to your desktop.

2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

3, The tool will open and start scanning your system.

4. Please be patient as this can take a while to complete depending on your system's specifications.

5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

6. Close the text file and reboot your machine.

7. After your machine is rebooted, please re-enable your antivirus.

8. Post the contents of JRT.txt into your next message.

 

Step#2 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   851bytes   54 downloads

Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
 
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#3 - File Identification

1. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.

2. Copy 54535701.sys and paste it into the Search box of the FRST window.

3. Click the Search Files button.

4. When the search is done it will open a notepad window with the results. Can you copy/paste the contents of this window into your next post?

 

  

 

Items for you next post

1. Contents of JRT

2. Contents of the FRST fix

3. Contents of the Search results


  • 0

#58
Daniel Christmas Lee

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.7 (10.03.2014:1)
OS: Windows 7 Home Premium x64
Ran by DLee on Thu 10/02/2014 at 23:21:49.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/02/2014 at 23:23:53.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#59
Daniel Christmas Lee

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2014
Ran by DLee at 2014-10-02 23:28:26 Run:6
Running from E:\Users\DLee\Desktop
Loaded Profile: DLee (Available profiles: DLee)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-80866519-203923749-430787433-1000\...\MountPoints2: {07ca8828-3f49-11e2-9ee4-bcaec54ce1d6} - H:\MotoCastSetup.exe -a
HKU\S-1-5-21-80866519-203923749-430787433-1000\...\MountPoints2: {41189d8f-0438-11e2-98c9-f7d387e36a36} - H:\MotoCastSetup.exe -a
HKU\S-1-5-21-80866519-203923749-430787433-1000\...\MountPoints2: {726e2053-07a8-11e2-b8b6-bcaec54ce1d6} - F:\Setup.exe
HKU\S-1-5-21-80866519-203923749-430787433-1000\...\MountPoints2: {c0634394-38f0-11e3-8f55-bcaec54ce1d6} - H:\MotoCastSetup.exe -a
Hosts:
cmd:ipconfig /flushdns
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F

*****************

"HKU\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07ca8828-3f49-11e2-9ee4-bcaec54ce1d6}" => Key deleted successfully.
"HKCR\CLSID\{07ca8828-3f49-11e2-9ee4-bcaec54ce1d6}" => Key not found.
"HKU\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41189d8f-0438-11e2-98c9-f7d387e36a36}" => Key deleted successfully.
"HKCR\CLSID\{41189d8f-0438-11e2-98c9-f7d387e36a36}" => Key not found.
"HKU\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{726e2053-07a8-11e2-b8b6-bcaec54ce1d6}" => Key deleted successfully.
"HKCR\CLSID\{726e2053-07a8-11e2-b8b6-bcaec54ce1d6}" => Key not found.
"HKU\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0634394-38f0-11e3-8f55-bcaec54ce1d6}" => Key deleted successfully.
"HKCR\CLSID\{c0634394-38f0-11e3-8f55-bcaec54ce1d6}" => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


==== End of Fixlog ====


  • 0

#60
Daniel Christmas Lee

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts

Farbar Recovery Scan Tool (x64) Version: 02-10-2014
Ran by DLee at 2014-10-02 23:30:01
Running from E:\Users\DLee\Desktop
Boot Mode: Normal

================== Search Files: "54535701.sys" =============

====== End Of Search ======


  • 0






Similar Topics


Also tagged with one or more of these keywords: BSOD, Malware, Godawgs

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP