MyPC backup Virus and VuuPC


  • This topic is locked

#16
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,

Hello I keep getting the MyPC backup virus and something called VuuPC remote desktop access.



So where are you getting it from?

We already deleted it once.

Folder Deleted : C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup

File Deleted : C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk

Post a new FRST Log. Perhaps I'm missing something.


#17
Grimseethe

    Member

  • Topic Starter
  • 18 posts

Hello,



Hello I keep getting the MyPC backup virus and something called VuuPC remote desktop access.



So where are you getting it from?

We already deleted it once.

Folder Deleted : C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup

File Deleted : C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk

Post a new FRST Log. Perhaps I'm missing something.

 

That's where I think the remote desktop access comes into it; I think someone may have access to my computer and is installing this stuff.
Here are the FRST logs without uninstalling and deleting VuuPC or MyPC Backup.

 

FRST txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014
Ran by Grimseethe (administrator) on JAMIE on 30-10-2014 09:24:00
Running from C:\Users\Grimseethe\Desktop
Loaded Profile: Grimseethe (Available profiles: Grimseethe)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [855608 2007-09-27] (Microsoft Corporation)
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-09-29] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1529992669-352850834-4173221306-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-1529992669-352850834-4173221306-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearc...3DB4BA6305A45A0
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {4B51C980-C6B0-11E1-9136-AED16088709B} URL = http://www.safesearc...3DB4BA6305A45A0
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} https://catalog.upda...b?1410528890680
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn [2014-10-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014-09-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014-09-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014-09-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014-09-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014-09-29]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Grimseethe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (GoSave) - C:\Users\Grimseethe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfcokjblpachgjbipegjjbbbmhjnignk [2014-10-27]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho []
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-29]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [2014-09-29]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-10-13] (Just Develop It) <==== ATTENTION
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-07-09] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-10-08] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-10-08] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 RzDxgk; C:\WINDOWS\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R1 RzFilter; C:\WINDOWS\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)
R3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [35496 2014-09-05] (Razer Inc)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 09:06 - 2014-10-30 09:06 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-10-29 09:06 - 2014-10-30 09:06 - 00004030 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-10-29 08:46 - 2014-10-29 08:46 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-10-27 11:47 - 2014-10-29 08:01 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdBlocke
2014-10-27 11:46 - 2014-10-27 11:46 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-10-27 11:46 - 2014-10-27 11:46 - 00000000 ____D () C:\Users\Guest
2014-10-27 11:46 - 2014-10-27 11:46 - 00000000 ____D () C:\Users\Administrator
2014-10-26 09:21 - 2014-10-26 09:21 - 00000000 _____ () C:\autoexec.bat
2014-10-26 06:17 - 2014-10-26 09:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 06:16 - 2014-10-26 06:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-26 06:16 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-26 06:16 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-26 06:16 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-26 06:12 - 2014-10-26 06:12 - 00000000 ____D () C:\Windows\ERUNT
2014-10-26 06:09 - 2014-10-27 11:02 - 00000000 ____D () C:\AdwCleaner
2014-10-25 20:07 - 2014-10-25 20:07 - 00003402 _____ () C:\Windows\System32\Tasks\DonutQuotes
2014-10-24 17:06 - 2014-10-24 17:06 - 00000000 ____D () C:\Windows\System32\Tasks\SystemOperations
2014-10-24 16:45 - 2014-10-30 08:36 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9F381E5E-2074-4B46-83AC-8A153D1A2FB7}
2014-10-19 13:54 - 2014-10-19 13:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-16 08:40 - 2014-09-27 22:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 08:40 - 2014-09-04 00:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-16 08:40 - 2014-09-03 23:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-16 08:40 - 2014-09-03 23:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-16 08:39 - 2014-09-08 03:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-16 08:39 - 2014-09-08 01:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-16 08:39 - 2014-09-08 01:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-16 08:39 - 2014-09-08 00:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-16 08:39 - 2014-09-08 00:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-16 08:39 - 2014-09-08 00:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-16 08:39 - 2014-09-08 00:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-16 08:39 - 2014-09-08 00:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-16 08:39 - 2014-09-08 00:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-16 08:39 - 2014-09-08 00:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-16 08:39 - 2014-09-07 23:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-16 08:39 - 2014-09-07 23:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-16 08:39 - 2014-09-07 23:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-16 08:39 - 2014-09-07 23:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-16 08:38 - 2014-09-25 22:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 08:38 - 2014-09-25 22:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 08:38 - 2014-09-25 22:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 08:38 - 2014-09-25 22:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 08:38 - 2014-09-25 22:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 08:38 - 2014-09-25 22:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 08:38 - 2014-09-19 02:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 08:38 - 2014-09-19 01:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 08:38 - 2014-09-19 01:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 08:38 - 2014-09-19 01:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 08:38 - 2014-09-19 01:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 08:38 - 2014-09-19 01:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 08:38 - 2014-09-19 01:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 08:38 - 2014-09-19 01:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 08:38 - 2014-09-19 01:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 08:38 - 2014-09-19 01:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 08:38 - 2014-09-19 00:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 08:38 - 2014-09-19 00:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 08:38 - 2014-09-19 00:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 08:38 - 2014-09-19 00:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 08:38 - 2014-09-19 00:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 08:38 - 2014-09-19 00:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 08:38 - 2014-09-19 00:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 08:38 - 2014-09-19 00:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 08:38 - 2014-09-19 00:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 08:38 - 2014-09-19 00:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 08:38 - 2014-09-18 23:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 08:38 - 2014-09-18 23:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 08:38 - 2014-09-18 23:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 08:38 - 2014-09-18 23:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 08:38 - 2014-09-13 06:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 08:38 - 2014-09-13 05:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 08:37 - 2014-09-04 00:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 08:37 - 2014-09-04 00:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 08:37 - 2014-08-16 04:08 - 21195616 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-16 08:37 - 2014-08-16 04:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-10-16 08:37 - 2014-08-16 04:01 - 01710184 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-16 08:37 - 2014-08-16 03:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-16 08:37 - 2014-08-16 03:57 - 02498880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-16 08:37 - 2014-08-16 03:57 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-16 08:37 - 2014-08-16 03:16 - 18722600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-16 08:37 - 2014-08-16 03:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-10-16 08:37 - 2014-08-16 03:03 - 01467384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-16 08:37 - 2014-08-16 01:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-16 08:37 - 2014-08-16 01:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-10-16 08:37 - 2014-08-16 00:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-10-16 08:37 - 2014-08-16 00:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-10-16 08:37 - 2014-08-16 00:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2014-10-16 08:37 - 2014-08-16 00:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-10-16 08:37 - 2014-08-16 00:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2014-10-16 08:37 - 2014-08-16 00:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-10-16 08:37 - 2014-08-16 00:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-10-16 08:37 - 2014-08-16 00:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-10-16 08:37 - 2014-08-16 00:29 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-16 08:37 - 2014-08-16 00:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-10-16 08:37 - 2014-08-16 00:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-10-16 08:37 - 2014-08-16 00:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-10-16 08:37 - 2014-08-16 00:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-16 08:37 - 2014-08-16 00:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-10-16 08:37 - 2014-08-16 00:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-10-16 08:37 - 2014-08-16 00:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-10-16 08:37 - 2014-08-16 00:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 08:37 - 2014-08-16 00:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-10-16 08:37 - 2014-08-16 00:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-10-16 08:37 - 2014-08-16 00:11 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-10-16 08:37 - 2014-08-16 00:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-10-16 08:37 - 2014-08-16 00:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 08:37 - 2014-08-16 00:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-10-16 08:37 - 2014-07-31 23:22 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-16 08:36 - 2014-10-09 22:16 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 08:36 - 2014-10-08 22:09 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 08:36 - 2014-09-19 01:24 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 08:36 - 2014-09-13 06:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 08:36 - 2014-09-13 05:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 08:36 - 2014-08-29 01:58 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-10-16 08:36 - 2014-08-28 23:56 - 02646016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-16 08:36 - 2014-08-28 23:47 - 02321920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-15 08:58 - 2014-10-15 08:58 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-15 08:58 - 2014-10-15 08:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-15 08:58 - 2014-10-15 08:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-15 08:58 - 2014-10-15 08:58 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-15 08:58 - 2014-10-15 08:58 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-30 16:00 - 2014-09-17 04:51 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-09-30 16:00 - 2014-09-17 04:51 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-09-30 16:00 - 2014-09-13 23:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 00867528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 00834880 _____ () C:\Windows\system32\nvmcumd.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 00501064 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 00417096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-09-30 16:00 - 2014-09-13 23:48 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-09-30 15:57 - 2014-09-04 19:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-09-30 15:57 - 2014-09-04 19:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-09-30 05:32 - 2014-09-30 05:32 - 00901632 _____ (Razer Inc) C:\Windows\SysWOW64\rzdevicedll.dll
2014-09-30 05:32 - 2014-09-30 05:32 - 00419840 _____ (Razer Inc) C:\Windows\SysWOW64\rzaudiodll.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 09:19 - 2013-07-23 10:28 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-30 09:11 - 2013-07-09 17:42 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1529992669-352850834-4173221306-1001
2014-10-30 09:00 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-30 08:53 - 2013-10-24 22:44 - 01712475 _____ () C:\Windows\WindowsUpdate.log
2014-10-30 08:33 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-30 08:33 - 2013-07-23 10:28 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-29 08:18 - 2013-09-30 04:11 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-29 08:11 - 2013-10-24 22:48 - 00000000 ____D () C:\Users\Grimseethe
2014-10-29 08:11 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-29 08:10 - 2012-07-26 08:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-29 08:02 - 2013-09-29 20:03 - 01430196 _____ () C:\Windows\PFRO.log
2014-10-27 13:00 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-27 11:46 - 2013-07-23 10:28 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-27 10:57 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-26 12:46 - 2013-08-22 15:36 - 00000000 ___RD () C:\Windows\DesktopTileResources
2014-10-26 11:53 - 2014-03-28 11:30 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-26 09:47 - 2013-07-10 10:11 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-26 06:36 - 2013-08-22 15:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-24 11:16 - 2014-04-13 08:55 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-21 19:00 - 2014-04-22 14:30 - 00341362 _____ () C:\Windows\DPINST.LOG
2014-10-18 18:21 - 2013-07-09 18:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-18 10:19 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\rescache
2014-10-17 18:14 - 2013-07-23 10:28 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 18:14 - 2013-07-23 10:28 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 14:53 - 2013-08-22 14:44 - 00509888 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 13:12 - 2013-08-22 15:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-17 13:12 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\WinStore
2014-10-17 13:12 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-10-17 13:12 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\en-GB
2014-10-17 13:12 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-17 13:12 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-17 13:12 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\Camera
2014-10-17 09:00 - 2012-07-26 07:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-17 08:58 - 2013-07-19 16:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 08:56 - 2013-07-11 07:57 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-17 08:55 - 2014-07-10 17:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-11 16:39 - 2013-08-22 14:46 - 00337302 _____ () C:\Windows\setupact.log
2014-10-08 08:07 - 2014-09-29 14:39 - 00771272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-10-08 08:07 - 2014-09-29 14:39 - 00142344 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-10-06 07:26 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-04 18:03 - 2014-01-13 10:10 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-04 06:42 - 2014-07-29 17:58 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-10-04 06:42 - 2013-11-09 15:36 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-10-04 06:41 - 2014-07-29 17:58 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-10-04 06:41 - 2013-11-09 15:36 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-10-01 10:28 - 2013-08-24 15:41 - 00210728 _____ () C:\Windows\DirectX.log
2014-10-01 08:57 - 2014-07-19 08:36 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-09-30 20:09 - 2014-07-18 15:55 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-09-30 16:47 - 2013-10-24 22:44 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-30 16:01 - 2013-10-24 22:44 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-29 12:38

==================== End Of Log ============================

Additional TXT

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014
Ran by Grimseethe at 2014-10-30 09:22:15
Running from C:\Users\Grimseethe\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{1CAFFEC6-23B4-484B-B17B-3200BE5C5636}) (Version: 99.9 - Eyeo GmbH)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 4.28 - Happy Cloud, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.1 (HKLM\...\{8A837C47-2B21-4FDF-8370-41A1EB6A26E8}) (Version: 1.10.123.0 - Microsoft)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.8.23 - Symantec Corporation)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 344.11 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{28B88897-774A-4005-BBFF-663B1F8EAA5A}) (Version: 4.10.9764 - Apache Software Foundation)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.17.22533 - Razer Inc.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - Enterbrain)
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Lord of the Rings Online (HKCU\...\lotro_highres_en) (Version:  - )
Windows Phone app for desktop (HKLM-x32\...\{8C9B338E-6815-41F2-9FE3-337715D1524E}) (Version: 1.0.1720.1 - Microsoft Corporation)
WinRAR 5.11 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.1 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1529992669-352850834-4173221306-1001_Classes\CLSID\{8aaa59b7-f0a8-4973-8024-9687e30d7e20}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================

07-10-2014 10:37:50 Installed OpenOffice 4.1.1
15-10-2014 08:57:39 Installed Java 7 Update 71
18-10-2014 18:20:19 Removed Arc
25-10-2014 21:14:33 Removed Microsoft ASP.NET MVC 4 Runtime
27-10-2014 10:24:53 OTL Restore Point - 27/10/2014 10:24:52
29-10-2014 08:00:13 Removed Adblock Plus for IE (32-bit and 64-bit)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2014-10-28 09:54 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {05A7AE4B-F942-4F09-8D12-8A133C7E8DE4} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-10-13] (MyPC Backup) <==== ATTENTION
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {105108D7-878B-4E96-9E22-A864A162344A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-17] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {341B1342-8248-4824-9DCB-BB4353FC85AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {37531B9B-EFC6-458B-9566-96DBC507CB20} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3D8DC142-5344-40D6-A489-B0BBBD7A8092} - System32\Tasks\DonutQuotes => C:\Program Files (x86)\donutleads\ScheduledTask.exe
Task: {402A6155-47CE-4F1B-A9F6-B77520AD4406} - System32\Tasks\SystemOperations\Safe Updater 08 => C:\ProgramData\SystemOperations\SafeUpdater\SafeUpdater.exe [2014-10-23] (PicColor)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {65E65193-D58A-4831-815F-310AA6B43D26} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-10-13] (MyPC Backup) <==== ATTENTION
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6F40B3C6-8B2C-4B1B-883F-DD3D75080E46} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7CE25BE9-5887-4669-9B9B-E1EE6DEEEE9D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {8664D02A-B127-4129-93D8-3E3B01EBDD37} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D4717EFF-E0CA-41A3-A413-457FFC1B7CC7} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DD979D16-B1A5-4B19-BF5E-6F9B1F50AA0C} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E8E82BAE-96F5-44EF-8B6F-5D016761332C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {F2005DDE-AD23-407D-8FBB-19EBDCB7CA51} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {FAF107B9-4B18-452B-93EC-359D232651F3} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-24 22:45 - 2014-09-13 21:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-13 14:36 - 2014-10-13 14:36 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-10-13 14:31 - 2014-10-13 14:31 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2014-03-06 14:00 - 2014-03-06 14:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Nvtmru"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKCU\...\StartupApproved\Run: => "Steam"
HKCU\...\StartupApproved\Run: => "WebCake Desktop"
HKCU\...\StartupApproved\Run: => "Spotify"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"
HKCU\...\StartupApproved\Run: => "fastclean"
HKCU\...\StartupApproved\Run: => "Akamai NetSession Interface"

========================= Accounts: ==========================

Administrator (S-1-5-21-1529992669-352850834-4173221306-500 - Administrator - Disabled)
Grimseethe (S-1-5-21-1529992669-352850834-4173221306-1001 - Administrator - Enabled) => C:\Users\Grimseethe
Guest (S-1-5-21-1529992669-352850834-4173221306-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1529992669-352850834-4173221306-1006 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/30/2014 09:20:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2b54

Start Time: 01cff42238267fd7

Termination Time: 39

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: ec5ec56c-6015-11e4-bed6-902b34996fa3

Faulting package full name:

Faulting package-relative application ID:

Error: (10/29/2014 05:40:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TurbineLauncher.exe, version: 1402.55.6987.4034, time stamp: 0x54112f80
Faulting module name: patchclient.DLL, version: 3.0.2.0, time stamp: 0x52f3d636
Exception code: 0xc0000005
Fault offset: 0x0002e779
Faulting process ID: 0x1a7c
Faulting application start time: 0xTurbineLauncher.exe0
Faulting application path: TurbineLauncher.exe1
Faulting module path: TurbineLauncher.exe2
Report ID: TurbineLauncher.exe3
Faulting package full name: TurbineLauncher.exe4
Faulting package-relative application ID: TurbineLauncher.exe5

Error: (10/29/2014 00:09:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdblockPlusEngine.exe, version: 1.2.0.0, time stamp: 0x53ea2829
Faulting module name: AdblockPlusEngine.exe, version: 1.2.0.0, time stamp: 0x53ea2829
Exception code: 0xc0000409
Fault offset: 0x0000000000282210
Faulting process ID: 0x83c
Faulting application start time: 0xAdblockPlusEngine.exe0
Faulting application path: AdblockPlusEngine.exe1
Faulting module path: AdblockPlusEngine.exe2
Report ID: AdblockPlusEngine.exe3
Faulting package full name: AdblockPlusEngine.exe4
Faulting package-relative application ID: AdblockPlusEngine.exe5

Error: (10/28/2014 06:47:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TurbineLauncher.exe, version: 1402.55.6987.4034, time stamp: 0x54112f80
Faulting module name: patchclient.DLL, version: 3.0.2.0, time stamp: 0x52f3d636
Exception code: 0xc0000005
Fault offset: 0x0002e779
Faulting process ID: 0x11b0
Faulting application start time: 0xTurbineLauncher.exe0
Faulting application path: TurbineLauncher.exe1
Faulting module path: TurbineLauncher.exe2
Report ID: TurbineLauncher.exe3
Faulting package full name: TurbineLauncher.exe4
Faulting package-relative application ID: TurbineLauncher.exe5

Error: (10/28/2014 03:04:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TurbineLauncher.exe, version: 1402.55.6987.4034, time stamp: 0x54112f80
Faulting module name: patchclient.DLL, version: 3.0.2.0, time stamp: 0x52f3d636
Exception code: 0xc0000005
Fault offset: 0x0002e779
Faulting process ID: 0xa20
Faulting application start time: 0xTurbineLauncher.exe0
Faulting application path: TurbineLauncher.exe1
Faulting module path: TurbineLauncher.exe2
Report ID: TurbineLauncher.exe3
Faulting package full name: TurbineLauncher.exe4
Faulting package-relative application ID: TurbineLauncher.exe5

Error: (10/28/2014 10:27:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TurbineLauncher.exe, version: 1402.55.6987.4034, time stamp: 0x54112f80
Faulting module name: patchclient.DLL, version: 3.0.2.0, time stamp: 0x52f3d636
Exception code: 0xc0000005
Fault offset: 0x0002e779
Faulting process ID: 0x8dc
Faulting application start time: 0xTurbineLauncher.exe0
Faulting application path: TurbineLauncher.exe1
Faulting module path: TurbineLauncher.exe2
Report ID: TurbineLauncher.exe3
Faulting package full name: TurbineLauncher.exe4
Faulting package-relative application ID: TurbineLauncher.exe5

Error: (10/27/2014 02:00:00 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (1480) SRUJet: Database recovery/restore failed with unexpected error -1216.

Error: (10/27/2014 02:00:00 PM) (Source: ESENT) (EventID: 494) (User: )
Description: svchost (1480) SRUJet: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Windows\system32\SRU\SRUDB.dat', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

Error: (10/27/2014 01:25:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TurbineLauncher.exe, version: 1402.55.6987.4034, time stamp: 0x54112f80
Faulting module name: patchclient.DLL, version: 3.0.2.0, time stamp: 0x52f3d636
Exception code: 0xc0000005
Fault offset: 0x0002e779
Faulting process ID: 0x404
Faulting application start time: 0xTurbineLauncher.exe0
Faulting application path: TurbineLauncher.exe1
Faulting module path: TurbineLauncher.exe2
Report ID: TurbineLauncher.exe3
Faulting package full name: TurbineLauncher.exe4
Faulting package-relative application ID: TurbineLauncher.exe5

Error: (10/27/2014 01:14:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TurbineLauncher.exe, version: 1402.55.6987.4034, time stamp: 0x54112f80
Faulting module name: patchclient.DLL, version: 3.0.2.0, time stamp: 0x52f3d636
Exception code: 0xc0000005
Fault offset: 0x0002e779
Faulting process ID: 0x11bc
Faulting application start time: 0xTurbineLauncher.exe0
Faulting application path: TurbineLauncher.exe1
Faulting module path: TurbineLauncher.exe2
Report ID: TurbineLauncher.exe3
Faulting package full name: TurbineLauncher.exe4
Faulting package-relative application ID: TurbineLauncher.exe5

System errors:
=============
Error: (10/30/2014 08:42:18 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (10/29/2014 09:34:46 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.

Error: (10/29/2014 09:34:46 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An TLS 1.2 connection request was received from a remote client application, but none of the cypher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (10/29/2014 09:34:40 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.

Error: (10/29/2014 09:34:40 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An TLS 1.2 connection request was received from a remote client application, but none of the cypher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (10/29/2014 00:39:43 PM) (Source: DCOM) (EventID: 10010) (User: Jamie)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (10/29/2014 00:39:12 PM) (Source: DCOM) (EventID: 10010) (User: Jamie)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (10/29/2014 08:11:30 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on Hyper-V logical processor 5 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (10/29/2014 08:11:30 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on Hyper-V logical processor 4 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (10/29/2014 08:11:30 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on Hyper-V logical processor 3 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Microsoft Office Sessions:
=========================
Error: (10/30/2014 09:20:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.173442b5401cff42238267fd739C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEec5ec56c-6015-11e4-bed6-902b34996fa3

Error: (10/29/2014 05:40:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TurbineLauncher.exe1402.55.6987.403454112f80patchclient.DLL3.0.2.052f3d636c00000050002e7791a7c01cff39f53dd50a1C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exeC:\ProgramData\Turbine\The Lord of the Rings Online\patchclient.DLLbc0ff633-5f92-11e4-bed6-902b34996fa3

Error: (10/29/2014 00:09:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AdblockPlusEngine.exe1.2.0.053ea2829AdblockPlusEngine.exe1.2.0.053ea2829c0000409000000000028221083c01cff3710faea2e6C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exeC:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe6a11f6ab-5f64-11e4-bed6-902b34996fa3

Error: (10/28/2014 06:47:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TurbineLauncher.exe1402.55.6987.403454112f80patchclient.DLL3.0.2.052f3d636c00000050002e77911b001cff2de97e689dbC:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exeC:\ProgramData\Turbine\The Lord of the Rings Online\patchclient.DLLd61d248a-5ed2-11e4-bed4-902b34996fa3

Error: (10/28/2014 03:04:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TurbineLauncher.exe1402.55.6987.403454112f80patchclient.DLL3.0.2.052f3d636c00000050002e779a2001cff2c0405a1d81C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exeC:\ProgramData\Turbine\The Lord of the Rings Online\patchclient.DLLac8253db-5eb3-11e4-bed4-902b34996fa3

Error: (10/28/2014 10:27:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TurbineLauncher.exe1402.55.6987.403454112f80patchclient.DLL3.0.2.052f3d636c00000050002e7798dc01cff299474897d8C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exeC:\ProgramData\Turbine\The Lord of the Rings Online\patchclient.DLLf853c0e2-5e8c-11e4-bed4-902b34996fa3

Error: (10/27/2014 02:00:00 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost1480SRUJet: -1216

Error: (10/27/2014 02:00:00 PM) (Source: ESENT) (EventID: 494) (User: )
Description: svchost1480SRUJet: -1216C:\Windows\system32\SRU\SRUDB.dat

Error: (10/27/2014 01:25:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TurbineLauncher.exe1402.55.6987.403454112f80patchclient.DLL3.0.2.052f3d636c00000050002e77940401cff1e9587b89fbC:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exeC:\ProgramData\Turbine\The Lord of the Rings Online\patchclient.DLLaac6e023-5ddc-11e4-bed2-902b34996fa3

Error: (10/27/2014 01:14:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TurbineLauncher.exe1402.55.6987.403454112f80patchclient.DLL3.0.2.052f3d636c00000050002e77911bc01cff1e7ab6d3972C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exeC:\ProgramData\Turbine\The Lord of the Rings Online\patchclient.DLL285324d9-5ddb-11e4-bed2-902b34996fa3

==================== Memory info ===========================

Processor: AMD FX™-6200 Six-Core Processor
Percentage of memory in use: 25%
Total physical RAM: 8173.55 MB
Available physical RAM: 6086.19 MB
Total Pagefile: 9453.55 MB
Available Pagefile: 7303.25 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1863.01 GB) (Free:1353.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Hard Drive) (Fixed) (Total:931.51 GB) (Free:931.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 125FECD7)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 8CA5DBDC)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================


 



#18
zep516

Hello,
Yes, they're back.

Please remove these programs from your Programs and Features list first.
  • MyPC Backup
  • Remote Desktop Access
How to uninstall a program in Windows 8: see Here


That's all I want to do for now, I need to review the log a bit more.

Let me know when you remove those programs.

Joe

#19
Grimseethe


Hello,
Yes, they're back.

Please remove these programs from your Programs and Features list first.

  • MyPC Backup
  • Remote Desktop Access
How to uninstall a program in Windows 8: see Here


That's all I want to do for now, I need to review the log a bit more.

Let me know when you remove those programs.

Joe

 

I remove those programs whenever they appear.



#20
zep516

OK,

I'll get another fix using FRST a little bit later today as I'm going to work now.

Thanks
Joe

#21
zep516

Sorry for some delay.

Run this fix and post a new FRST Log.


A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
CHR dev: Chrome dev build detected! <======= ATTENTION
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-10-13] (Just Develop It) <==== ATTENTION
2014-10-30 09:06 - 2014-10-30 09:06 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
Task: {05A7AE4B-F942-4F09-8D12-8A133C7E8DE4} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-10-13] (MyPC Backup) <==== ATTENTION
Task: {65E65193-D58A-4831-815F-310AA6B43D26} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-10-13] (MyPC Backup) <==== ATTENTION
2014-10-13 14:36 - 2014-10-13 14:36 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-10-13 14:31 - 2014-10-13 14:31 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
C:\Program Files (x86)\MyPC Backup\GetText.dll
C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
reboot:
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.


In your next reply post:
  • Fixlog.txt
  • A new FRST log
Thanks
Joe :)

#22
Grimseethe

zep516, on 01 Nov 2014 - 8:14 PM, said:

Sorry for some delay.

Run this fix and post a new FRST Log.


A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.



start
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
CHR dev: Chrome dev build detected! <======= ATTENTION
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-10-13] (Just Develop It) <==== ATTENTION
2014-10-30 09:06 - 2014-10-30 09:06 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
Task: {05A7AE4B-F942-4F09-8D12-8A133C7E8DE4} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-10-13] (MyPC Backup) <==== ATTENTION
Task: {65E65193-D58A-4831-815F-310AA6B43D26} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-10-13] (MyPC Backup) <==== ATTENTION
2014-10-13 14:36 - 2014-10-13 14:36 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-10-13 14:31 - 2014-10-13 14:31 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
C:\Program Files (x86)\MyPC Backup\GetText.dll
C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
reboot:
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.


In your next reply post:
  • Fixlog.txt
  • A new FRST log
Thanks
Joe :)

 

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-11-2014
Ran by Grimseethe at 2014-11-01 23:09:42 Run:1
Running from C:\Users\Grimseethe\Desktop
Loaded Profile: Grimseethe (Available profiles: Grimseethe)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
CHR dev: Chrome dev build detected! <======= ATTENTION
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-10-13] (Just Develop It) <==== ATTENTION
2014-10-30 09:06 - 2014-10-30 09:06 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
Task: {05A7AE4B-F942-4F09-8D12-8A133C7E8DE4} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-10-13] (MyPC Backup) <==== ATTENTION
Task: {65E65193-D58A-4831-815F-310AA6B43D26} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-10-13] (MyPC Backup) <==== ATTENTION
2014-10-13 14:36 - 2014-10-13 14:36 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-10-13 14:31 - 2014-10-13 14:31 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
C:\Program Files (x86)\MyPC Backup\GetText.dll
C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
reboot:
end
*****************

"C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" => File/Directory not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
BackupStack => Service deleted successfully.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05A7AE4B-F942-4F09-8D12-8A133C7E8DE4}" => Key not found.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65E65193-D58A-4831-815F-310AA6B43D26}" => Key not found.
C:\Windows\System32\Tasks\LaunchSignup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key not found.
"C:\Program Files (x86)\MyPC Backup\GetText.dll" => File/Directory not found.
"C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll" => File/Directory not found.
"C:\Program Files (x86)\MyPC Backup\GetText.dll" => File/Directory not found.
"C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll" => File/Directory not found.

The system needed a reboot.

==== End of Fixlog ====



#23
zep516

Hello,

Post a fresh FRST Log.

#24
Grimseethe


Hello,

Post a fresh FRST Log.

FRST log

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014
Ran by Grimseethe (administrator) on JAMIE on 02-11-2014 09:26:00
Running from C:\Users\Grimseethe\Desktop
Loaded Profile: Grimseethe (Available profiles: Grimseethe)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [855608 2007-09-27] (Microsoft Corporation)
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-10-24] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1529992669-352850834-4173221306-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-1529992669-352850834-4173221306-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
Startup: C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearc...3DB4BA6305A45A0
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {4B51C980-C6B0-11E1-9136-AED16088709B} URL = http://www.safesearc...3DB4BA6305A45A0
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search
SearchScopes: HKCU - {D2B51BD8-338B-46FC-81F0-EB5AD0C12908} URL = https://uk.search.ya...&p={searchTerms}
BHO: enterprise 1.1 -> {11111111-1111-1111-1111-110611211170} -> C:\Program Files (x86)\enterprise 1.1\enterprise 1.1-bho64.dll No File
BHO: HQuality-v3V01.11 -> {11111111-1111-1111-1111-110611291198} -> C:\Program Files (x86)\HQuality-v3V01.11\HQuality-v3V01.11-bho64.dll No File
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: enterprise 1.1 -> {11111111-1111-1111-1111-110611211170} -> C:\Program Files (x86)\enterprise 1.1\enterprise 1.1-bho.dll No File
BHO-x32: HQuality-v3V01.11 -> {11111111-1111-1111-1111-110611291198} -> C:\Program Files (x86)\HQuality-v3V01.11\HQuality-v3V01.11-bho.dll No File
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} https://catalog.upda...b?1410528890680
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] ()
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn [2014-10-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014-09-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014-09-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014-09-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014-09-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014-09-29]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Grimseethe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (GoSave) - C:\Users\Grimseethe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfcokjblpachgjbipegjjbbbmhjnignk [2014-10-27]
CHR Extension: (No Name) - C:\Users\Grimseethe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmepfkpjangbajhmnkaghmajcncgekdp [2014-10-30]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho []
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-29]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [2014-09-29]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-07-09] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-01] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-01] (globalUpdate) [File not signed]
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-10-08] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-10-08] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 RzDxgk; C:\WINDOWS\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R1 RzFilter; C:\WINDOWS\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)
R3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [35496 2014-09-05] (Razer Inc)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 09:26 - 2014-11-02 09:26 - 00019167 _____ () C:\Users\Grimseethe\Desktop\FRST.txt
2014-11-01 23:08 - 2014-11-02 09:26 - 00000000 ____D () C:\FRST
2014-11-01 23:08 - 2014-11-01 23:08 - 02114048 _____ (Farbar) C:\Users\Grimseethe\Desktop\FRST64.exe
2014-11-01 15:08 - 2014-11-02 09:14 - 00005198 _____ () C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-11.job
2014-11-01 15:08 - 2014-11-02 09:14 - 00004852 _____ () C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-4.job
2014-11-01 15:08 - 2014-11-02 09:14 - 00004508 _____ () C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-3.job
2014-11-01 15:08 - 2014-11-02 09:14 - 00003472 _____ () C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-1.job
2014-11-01 15:08 - 2014-11-02 09:14 - 00002460 _____ () C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5_user.job
2014-11-01 15:08 - 2014-11-02 09:14 - 00002460 _____ () C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5.job
2014-11-01 15:08 - 2014-11-02 09:14 - 00002124 _____ () C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-2.job
2014-11-01 15:08 - 2014-11-01 15:08 - 00008202 _____ () C:\Windows\System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-11
2014-11-01 15:08 - 2014-11-01 15:08 - 00007856 _____ () C:\Windows\System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-4
2014-11-01 15:08 - 2014-11-01 15:08 - 00007512 _____ () C:\Windows\System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-3
2014-11-01 15:08 - 2014-11-01 15:08 - 00006476 _____ () C:\Windows\System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-1
2014-11-01 15:08 - 2014-11-01 15:08 - 00005464 _____ () C:\Windows\System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5
2014-11-01 15:08 - 2014-11-01 15:08 - 00005128 _____ () C:\Windows\System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-2
2014-11-01 15:06 - 2014-11-01 15:06 - 00000000 ____D () C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-11-01 09:08 - 2014-11-02 09:15 - 00001368 _____ () C:\Windows\Tasks\ITPCD.job
2014-11-01 09:08 - 2014-11-02 09:15 - 00001366 _____ () C:\Windows\Tasks\KSGF.job
2014-11-01 09:08 - 2014-11-01 15:08 - 02043824 _____ (HQuality3V01.11) C:\Users\Grimseethe\AppData\Roaming\KSGF.exe
2014-11-01 09:08 - 2014-11-01 15:08 - 01551792 _____ (HQuality3V01.11) C:\Users\Grimseethe\AppData\Roaming\ITPCD.exe
2014-11-01 09:08 - 2014-11-01 15:08 - 00004378 _____ () C:\Windows\System32\Tasks\KSGF
2014-11-01 09:08 - 2014-11-01 15:08 - 00004378 _____ () C:\Windows\System32\Tasks\ITPCD
2014-11-01 08:29 - 2014-11-02 09:14 - 00002454 _____ () C:\Windows\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-5_user.job
2014-11-01 08:29 - 2014-11-02 09:14 - 00002454 _____ () C:\Windows\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-5.job
2014-11-01 08:29 - 2014-11-01 08:29 - 00005458 _____ () C:\Windows\System32\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-5
2014-11-01 08:29 - 2014-11-01 08:29 - 00000000 ____D () C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2014-11-01 08:28 - 2014-11-02 09:14 - 00005192 _____ () C:\Windows\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-11.job
2014-11-01 08:28 - 2014-11-02 09:14 - 00004166 _____ () C:\Windows\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-4.job
2014-11-01 08:28 - 2014-11-02 09:14 - 00003124 _____ () C:\Windows\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-1.job
2014-11-01 08:28 - 2014-11-02 09:14 - 00002118 _____ () C:\Windows\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-2.job
2014-11-01 08:28 - 2014-11-01 08:29 - 00005122 _____ () C:\Windows\System32\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-2
2014-11-01 08:28 - 2014-11-01 08:28 - 00008196 _____ () C:\Windows\System32\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-11
2014-11-01 08:28 - 2014-11-01 08:28 - 00007170 _____ () C:\Windows\System32\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-4
2014-11-01 08:28 - 2014-11-01 08:28 - 00006128 _____ () C:\Windows\System32\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-1
2014-11-01 08:28 - 2014-11-01 08:28 - 00000000 ____D () C:\Users\Grimseethe\AppData\Roaming\Paltalk
2014-11-01 08:28 - 2014-11-01 08:28 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-11-01 08:26 - 2014-11-01 08:28 - 00000165 _____ () C:\Windows\Reimage.ini
2014-11-01 08:26 - 2013-08-22 18:09 - 00217176 _____ () C:\Windows\SysWOW64\unrar.dll
2014-10-30 18:08 - 2014-11-02 09:15 - 00001716 _____ () C:\Windows\Tasks\JXRMXLX.job
2014-10-30 18:08 - 2014-11-02 09:15 - 00001362 _____ () C:\Windows\Tasks\TD.job
2014-10-30 18:08 - 2014-11-02 09:14 - 00000980 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-10-30 18:08 - 2014-11-01 15:13 - 00000984 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-10-30 18:08 - 2014-11-01 15:08 - 00003956 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-10-30 18:08 - 2014-11-01 15:08 - 00003720 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-10-30 18:08 - 2014-10-30 18:08 - 01985456 _____ (HQuality3V30.10) C:\Users\Grimseethe\AppData\Roaming\JXRMXLX.exe
2014-10-30 18:08 - 2014-10-30 18:08 - 01500080 _____ (HQuality3V30.10) C:\Users\Grimseethe\AppData\Roaming\TD.exe
2014-10-30 18:08 - 2014-10-30 18:08 - 00004726 _____ () C:\Windows\System32\Tasks\JXRMXLX
2014-10-30 18:08 - 2014-10-30 18:08 - 00004374 _____ () C:\Windows\System32\Tasks\TD
2014-10-30 18:08 - 2014-10-30 18:08 - 00000000 ____D () C:\Users\Grimseethe\AppData\Local\globalUpdate
2014-10-30 09:09 - 2014-10-30 09:09 - 00000299 _____ () C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2014-10-29 08:46 - 2014-10-29 08:46 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-10-29 08:45 - 2014-10-29 08:45 - 05952624 _____ ( ) C:\Users\Grimseethe\Documents\adblockplusie-1.2.exe
2014-10-28 14:19 - 2014-10-28 14:20 - 00028145 _____ () C:\Users\Grimseethe\Documents\Addition.txt
2014-10-27 11:47 - 2014-10-29 08:02 - 00000000 ____D () C:\ProgramData\YoutubeAdBlocke
2014-10-27 11:46 - 2014-10-29 08:11 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-10-27 11:46 - 2014-10-29 08:01 - 00000000 ____D () C:\ProgramData\fc1bd4f40e0c0325
2014-10-27 11:46 - 2014-10-27 11:46 - 00000000 ____D () C:\Users\Grimseethe\AppData\Local\Torch
2014-10-27 11:46 - 2014-10-27 11:46 - 00000000 ____D () C:\Users\Grimseethe\AppData\Local\Comodo
2014-10-27 11:46 - 2014-10-27 11:46 - 00000000 ____D () C:\Users\Grimseethe\AppData\Local\Chromatic Browser
2014-10-27 11:46 - 2014-10-27 11:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-10-27 11:46 - 2014-10-27 11:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-10-27 11:46 - 2014-10-27 11:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-10-27 11:46 - 2014-10-27 11:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-10-27 11:46 - 2014-10-27 11:46 - 00000000 ____D () C:\Users\Administrator
2014-10-27 11:45 - 2014-10-27 11:45 - 00000180 _____ () C:\Users\Grimseethe\Desktop.lnk
2014-10-27 11:02 - 2014-10-27 11:02 - 01706144 _____ (Thisisu) C:\Users\Grimseethe\Documents\JRT.exe
2014-10-27 11:02 - 2014-10-27 11:02 - 00014130 _____ () C:\Users\Grimseethe\Documents\Adwcleaner.txt
2014-10-27 10:46 - 2014-10-27 10:46 - 01998336 _____ () C:\Users\Grimseethe\Documents\adwcleaner_4.002.exe
2014-10-26 10:10 - 2014-10-26 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-10-26 09:21 - 2014-10-26 09:21 - 00000000 _____ () C:\autoexec.bat
2014-10-26 06:20 - 2014-10-26 09:15 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-26 06:20 - 2014-10-26 06:20 - 11194928 _____ (SurfRight B.V.) C:\Users\Grimseethe\Documents\HitmanPro_x64.exe
2014-10-26 06:17 - 2014-10-26 09:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 06:16 - 2014-10-26 06:16 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Grimseethe\Documents\mbam-setup-2.0.3.1025.exe
2014-10-26 06:16 - 2014-10-26 06:16 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-26 06:16 - 2014-10-26 06:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-26 06:16 - 2014-10-26 06:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-26 06:16 - 2014-10-26 06:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-26 06:16 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-26 06:16 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-26 06:16 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-26 06:12 - 2014-10-26 06:12 - 00000000 ____D () C:\Windows\ERUNT
2014-10-26 06:09 - 2014-10-27 11:02 - 00000000 ____D () C:\AdwCleaner
2014-10-25 20:07 - 2014-10-25 20:07 - 00003402 _____ () C:\Windows\System32\Tasks\DonutQuotes
2014-10-24 20:06 - 2014-10-24 20:06 - 00000000 ____D () C:\ProgramData\SafeUpdaterData
2014-10-24 17:06 - 2014-10-24 17:06 - 00000000 ____D () C:\Windows\System32\Tasks\SystemOperations
2014-10-24 17:06 - 2014-10-24 17:06 - 00000000 ____D () C:\ProgramData\SystemOperations
2014-10-24 16:45 - 2014-11-01 14:44 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9F381E5E-2074-4B46-83AC-8A153D1A2FB7}
2014-10-24 16:32 - 2014-10-24 16:32 - 00000000 ____D () C:\Users\Grimseethe\AppData\Roaming\GameOff
2014-10-19 13:54 - 2014-10-19 13:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-18 18:37 - 2014-10-18 18:37 - 00000000 ____D () C:\ProgramData\Creative Labs
2014-10-18 18:18 - 2014-10-25 20:39 - 00000000 ____D () C:\Users\Grimseethe\Documents\The Lord of the Rings Online
2014-10-18 18:18 - 2014-10-19 08:35 - 00002061 _____ () C:\Users\Grimseethe\Desktop\The Lord of the Rings Online™.lnk
2014-10-18 18:14 - 2014-10-18 18:14 - 08711768 _____ () C:\Users\Grimseethe\Documents\LOTROProgressive_4.28.exe
2014-10-18 18:14 - 2014-10-18 18:14 - 00000000 ____D () C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud
2014-10-18 17:26 - 2014-10-18 17:26 - 00000222 _____ () C:\Users\Grimseethe\Desktop\RPG Maker VX Ace.url
2014-10-16 08:40 - 2014-09-27 22:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 08:40 - 2014-09-04 00:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-16 08:40 - 2014-09-03 23:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-16 08:40 - 2014-09-03 23:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-16 08:39 - 2014-09-08 03:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-16 08:39 - 2014-09-08 01:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-16 08:39 - 2014-09-08 01:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-16 08:39 - 2014-09-08 00:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-16 08:39 - 2014-09-08 00:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-16 08:39 - 2014-09-08 00:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-16 08:39 - 2014-09-08 00:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-16 08:39 - 2014-09-08 00:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-16 08:39 - 2014-09-08 00:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-16 08:39 - 2014-09-08 00:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-16 08:39 - 2014-09-07 23:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-16 08:39 - 2014-09-07 23:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-16 08:39 - 2014-09-07 23:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-16 08:39 - 2014-09-07 23:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-16 08:38 - 2014-09-25 22:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 08:38 - 2014-09-25 22:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 08:38 - 2014-09-25 22:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 08:38 - 2014-09-25 22:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 08:38 - 2014-09-25 22:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 08:38 - 2014-09-25 22:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 08:38 - 2014-09-19 02:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 08:38 - 2014-09-19 01:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 08:38 - 2014-09-19 01:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 08:38 - 2014-09-19 01:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 08:38 - 2014-09-19 01:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 08:38 - 2014-09-19 01:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 08:38 - 2014-09-19 01:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 08:38 - 2014-09-19 01:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 08:38 - 2014-09-19 01:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 08:38 - 2014-09-19 01:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 08:38 - 2014-09-19 00:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 08:38 - 2014-09-19 00:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 08:38 - 2014-09-19 00:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 08:38 - 2014-09-19 00:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 08:38 - 2014-09-19 00:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 08:38 - 2014-09-19 00:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 08:38 - 2014-09-19 00:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 08:38 - 2014-09-19 00:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 08:38 - 2014-09-19 00:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 08:38 - 2014-09-19 00:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 08:38 - 2014-09-18 23:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 08:38 - 2014-09-18 23:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 08:38 - 2014-09-18 23:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 08:38 - 2014-09-18 23:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 08:38 - 2014-09-13 06:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 08:38 - 2014-09-13 05:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 08:37 - 2014-09-04 00:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 08:37 - 2014-09-04 00:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 08:37 - 2014-08-16 04:08 - 21195616 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-16 08:37 - 2014-08-16 04:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-10-16 08:37 - 2014-08-16 04:01 - 01710184 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-16 08:37 - 2014-08-16 03:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-16 08:37 - 2014-08-16 03:57 - 02498880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-16 08:37 - 2014-08-16 03:57 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-16 08:37 - 2014-08-16 03:16 - 18722600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-16 08:37 - 2014-08-16 03:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-10-16 08:37 - 2014-08-16 03:03 - 01467384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-16 08:37 - 2014-08-16 01:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-16 08:37 - 2014-08-16 01:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-10-16 08:37 - 2014-08-16 00:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-10-16 08:37 - 2014-08-16 00:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-10-16 08:37 - 2014-08-16 00:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2014-10-16 08:37 - 2014-08-16 00:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-10-16 08:37 - 2014-08-16 00:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2014-10-16 08:37 - 2014-08-16 00:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-10-16 08:37 - 2014-08-16 00:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-10-16 08:37 - 2014-08-16 00:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-10-16 08:37 - 2014-08-16 00:29 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-16 08:37 - 2014-08-16 00:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-10-16 08:37 - 2014-08-16 00:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-10-16 08:37 - 2014-08-16 00:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-10-16 08:37 - 2014-08-16 00:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-16 08:37 - 2014-08-16 00:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-10-16 08:37 - 2014-08-16 00:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-10-16 08:37 - 2014-08-16 00:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-10-16 08:37 - 2014-08-16 00:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 08:37 - 2014-08-16 00:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-10-16 08:37 - 2014-08-16 00:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-10-16 08:37 - 2014-08-16 00:11 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-10-16 08:37 - 2014-08-16 00:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-10-16 08:37 - 2014-08-16 00:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 08:37 - 2014-08-16 00:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-10-16 08:37 - 2014-07-31 23:22 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-16 08:36 - 2014-10-09 22:16 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 08:36 - 2014-10-08 22:09 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 08:36 - 2014-09-19 01:24 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 08:36 - 2014-09-13 06:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 08:36 - 2014-09-13 05:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 08:36 - 2014-08-29 01:58 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-10-16 08:36 - 2014-08-28 23:56 - 02646016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-16 08:36 - 2014-08-28 23:47 - 02321920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-15 08:58 - 2014-10-15 08:58 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-15 08:58 - 2014-10-15 08:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-15 08:58 - 2014-10-15 08:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-15 08:58 - 2014-10-15 08:58 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-15 08:58 - 2014-10-15 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-15 08:58 - 2014-10-15 08:58 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-11 17:28 - 2014-10-26 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-09 09:07 - 2014-10-09 09:07 - 00089088 _____ (Razer Inc) C:\Windows\SysWOW64\rzdevinfo.dll
2014-10-08 18:17 - 2014-10-08 18:17 - 00000000 _____ () C:\Users\Grimseethe\AppData\Local\{D3D922EF-DC66-4437-9B46-B51D5B83DD94}
2014-10-07 10:36 - 2014-10-07 10:36 - 133616624 _____ () C:\Users\Grimseethe\Documents\Apache_OpenOffice_4.1.1_Win_x86_install_en-GB.exe
2014-10-04 18:03 - 2014-10-04 18:03 - 00000000 ____D () C:\Users\Grimseethe\AppData\Local\Funcom

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 09:26 - 2013-10-29 18:25 - 00000000 ____D () C:\Users\Grimseethe\AppData\Local\Battle.net
2014-11-02 09:20 - 2013-07-09 17:42 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1529992669-352850834-4173221306-1001
2014-11-02 09:19 - 2013-07-23 10:28 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-02 09:15 - 2013-10-24 22:44 - 01955742 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 09:15 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-02 09:14 - 2014-09-29 14:39 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-02 09:14 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru
2014-11-02 09:14 - 2013-07-23 10:28 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-01 23:10 - 2013-09-29 20:03 - 01442316 _____ () C:\Windows\PFRO.log
2014-11-01 23:10 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-01 21:47 - 2013-08-19 21:45 - 00000000 ____D () C:\ProgramData\HappyCloud
2014-11-01 15:38 - 2013-07-14 09:41 - 00000000 ____D () C:\Users\Grimseethe\AppData\Local\CrashDumps
2014-11-01 15:08 - 2013-07-23 10:28 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-01 08:42 - 2013-09-30 04:11 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-01 08:36 - 2013-08-22 14:44 - 00509888 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-01 08:35 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-31 23:32 - 2014-02-08 11:52 - 00000000 ___RD () C:\Users\Grimseethe\Documents\File001
2014-10-31 10:28 - 2013-07-10 10:11 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-31 10:10 - 2013-10-24 22:48 - 00000000 ____D () C:\Users\Grimseethe
2014-10-30 18:34 - 2013-07-09 18:18 - 01138688 ___SH () C:\Users\Grimseethe\Documents\Thumbs.db
2014-10-30 16:59 - 2014-04-22 14:30 - 00412720 _____ () C:\Windows\DPINST.LOG
2014-10-30 12:50 - 2014-04-13 08:56 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-10-29 18:42 - 2013-09-06 12:52 - 00000000 ____D () C:\Users\Grimseethe\Documents\Jamie CV
2014-10-29 17:01 - 2014-08-30 12:46 - 00000000 ____D () C:\Users\Grimseethe\AppData\Roaming\vlc
2014-10-29 08:11 - 2013-10-24 23:02 - 00000290 __RSH () C:\Users\Grimseethe\ntuser.pol
2014-10-29 08:10 - 2012-07-26 08:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-28 19:18 - 2013-09-16 15:22 - 00000000 ____D () C:\Users\Grimseethe\AppData\Roaming\Awesomium
2014-10-27 13:00 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-27 11:46 - 2013-07-23 10:28 - 00000000 ____D () C:\Users\Grimseethe\AppData\Local\Google
2014-10-26 12:46 - 2013-08-22 15:36 - 00000000 ___RD () C:\Windows\DesktopTileResources
2014-10-26 12:22 - 2013-08-22 15:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-26 11:53 - 2014-03-28 11:30 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-26 11:53 - 2014-03-28 11:30 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-26 11:53 - 2013-07-09 18:06 - 00000000 ____D () C:\ProgramData\Skype
2014-10-26 06:36 - 2013-08-22 15:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-26 04:27 - 2014-07-31 06:27 - 00000096 _____ () C:\Users\Grimseethe\AppData\Roaming\WB.CFG
2014-10-24 11:16 - 2014-04-13 08:55 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-18 18:21 - 2013-07-09 18:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-18 18:15 - 2014-03-05 13:58 - 00000000 ___RD () C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbine
2014-10-18 18:15 - 2013-08-19 21:46 - 00000000 ____D () C:\ProgramData\Turbine
2014-10-18 10:19 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\rescache
2014-10-17 18:14 - 2013-07-23 10:28 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 18:14 - 2013-07-23 10:28 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 13:12 - 2013-08-22 15:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-17 13:12 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\WinStore
2014-10-17 13:12 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-10-17 13:12 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\en-GB
2014-10-17 13:12 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-17 13:12 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-17 13:12 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\Camera
2014-10-17 09:00 - 2012-07-26 07:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-17 08:58 - 2013-07-19 16:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 08:56 - 2013-07-11 07:57 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-17 08:55 - 2014-07-10 17:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 07:18 - 2013-07-09 18:06 - 00000000 ____D () C:\Users\Grimseethe\AppData\Roaming\Skype
2014-10-15 08:58 - 2013-09-24 16:54 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-11 16:39 - 2013-08-22 14:46 - 00337302 _____ () C:\Windows\setupact.log
2014-10-08 08:07 - 2014-09-29 14:39 - 00771272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-10-08 08:07 - 2014-09-29 14:39 - 00142344 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-10-06 07:26 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-04 20:42 - 2014-09-06 17:08 - 00000000 ____D () C:\Users\Grimseethe\AppData\Local\Glyph
2014-10-04 18:03 - 2014-01-13 10:10 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-04 06:42 - 2014-07-29 17:58 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-10-04 06:42 - 2013-11-09 15:36 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-10-04 06:41 - 2014-07-29 17:58 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-10-04 06:41 - 2013-11-09 15:36 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

Some content of TEMP:
====================
C:\Users\Grimseethe\AppData\Local\Temp\CloudBackup1318.exe
C:\Users\Grimseethe\AppData\Local\Temp\CloudBackup1664.exe
C:\Users\Grimseethe\AppData\Local\Temp\CloudBackup2245.exe
C:\Users\Grimseethe\AppData\Local\Temp\CloudBackup2818.exe
C:\Users\Grimseethe\AppData\Local\Temp\CloudBackup3099.exe
C:\Users\Grimseethe\AppData\Local\Temp\CloudBackup3107.exe
C:\Users\Grimseethe\AppData\Local\Temp\CloudBackup3308.exe
C:\Users\Grimseethe\AppData\Local\Temp\CloudBackup3772.exe
C:\Users\Grimseethe\AppData\Local\Temp\CloudBackup5617.exe
C:\Users\Grimseethe\AppData\Local\Temp\CloudBackup6112.exe
C:\Users\Grimseethe\AppData\Local\Temp\CloudBackup6153.exe
C:\Users\Grimseethe\AppData\Local\Temp\CloudBackup7881.exe
C:\Users\Grimseethe\AppData\Local\Temp\CloudBackup901.exe
C:\Users\Grimseethe\AppData\Local\Temp\CloudBackup9211.exe
C:\Users\Grimseethe\AppData\Local\Temp\CloudBackup9578.exe
C:\Users\Grimseethe\AppData\Local\Temp\enfor_mation2.exe
C:\Users\Grimseethe\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Grimseethe\AppData\Local\Temp\ReimageRepair.exe
C:\Users\Grimseethe\AppData\Local\Temp\SetupCheck_0647.exe
C:\Users\Grimseethe\AppData\Local\Temp\SetupCheck_12647.exe
C:\Users\Grimseethe\AppData\Local\Temp\SetupCheck_12649.exe
C:\Users\Grimseethe\AppData\Local\Temp\SetupCheck_15643.exe
C:\Users\Grimseethe\AppData\Local\Temp\SetupCheck_15647.exe
C:\Users\Grimseethe\AppData\Local\Temp\SetupCheck_15651.exe
C:\Users\Grimseethe\AppData\Local\Temp\SetupCheck_1572.exe
C:\Users\Grimseethe\AppData\Local\Temp\SetupCheck_18645.exe
C:\Users\Grimseethe\AppData\Local\Temp\SetupCheck_18650.exe
C:\Users\Grimseethe\AppData\Local\Temp\SetupCheck_18651.exe
C:\Users\Grimseethe\AppData\Local\Temp\SetupCheck_21654.exe
C:\Users\Grimseethe\AppData\Local\Temp\SetupCheck_9647.exe
C:\Users\Grimseethe\AppData\Local\Temp\SetupCheck_9648.exe
C:\Users\Grimseethe\AppData\Local\Temp\SetupCheck_9651.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_061.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_0628.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_074.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_1261.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_12628.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_12631.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_1265.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_1274.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_1561.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_15624.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_15628.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_1563.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_15630.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_15635.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_15719.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_1574.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_1579.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_1861.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_18626.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_18630.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_18631.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_1865.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_1876.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_2161.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_21632.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_961.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_9627.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_9628.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_9630.exe
C:\Users\Grimseethe\AppData\Local\Temp\Setup_975.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-01 10:09

==================== End Of Log ============================



#25
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,

A few items to fix:

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1529992669-352850834-4173221306-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (No File)
BHO: enterprise 1.1 -> {11111111-1111-1111-1111-110611211170} -> C:\Program Files (x86)\enterprise 1.1\enterprise 1.1-bho64.dll No File
BHO: HQuality-v3V01.11 -> {11111111-1111-1111-1111-110611291198} -> C:\Program Files (x86)\HQuality-v3V01.11\HQuality-v3V01.11-bho64.dll No File
BHO-x32: enterprise 1.1 -> {11111111-1111-1111-1111-110611211170} -> C:\Program Files (x86)\enterprise 1.1\enterprise 1.1-bho.dll No File
BHO-x32: HQuality-v3V01.11 -> {11111111-1111-1111-1111-110611291198} -> C:\Program Files (x86)\HQuality-v3V01.11\HQuality-v3V01.11-bho.dll No File
2014-11-01 15:06 - 2014-11-01 15:06 - 00000000 ____D () C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
C:\Users\Grimseethe\AppData\Local\Temp\enfor_mation2.exe
CHR Extension: (GoSave) - C:\Users\Grimseethe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfcokjblpachgjbipegjjbbbmhjnignk [2014-10-27]
2014-10-27 11:47 - 2014-10-29 08:02 - 00000000 ____D () C:\ProgramData\YoutubeAdBlocke
2014-11-01 09:08 - 2014-11-01 15:08 - 02043824 _____ (HQuality3V01.11) C:\Users\Grimseethe\AppData\Roaming\KSGF.exe
2014-11-01 09:08 - 2014-11-01 15:08 - 01551792 _____ (HQuality3V01.11) C:\Users\Grimseethe\AppData\Roaming\ITPCD.exe
2014-11-01 09:08 - 2014-11-01 15:08 - 00004378 _____ () C:\Windows\System32\Tasks\KSGF
2014-11-01 09:08 - 2014-11-01 15:08 - 00004378 _____ () C:\Windows\System32\Tasks\ITPCD

reboot:
emptytemp:
end

Click Format and ensure Word Wrap is unchecked.
Save as Fixlist.txt to your Desktop (it must be in this location).
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

#26
Grimseethe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

 

Fix log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Grimseethe at 2014-11-03 09:41:16 Run:2
Running from C:\Users\Grimseethe\Desktop
Loaded Profile: Grimseethe (Available profiles: Grimseethe)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1529992669-352850834-4173221306-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (No File)
BHO: enterprise 1.1 -> {11111111-1111-1111-1111-110611211170} -> C:\Program Files (x86)\enterprise 1.1\enterprise 1.1-bho64.dll No File
BHO: HQuality-v3V01.11 -> {11111111-1111-1111-1111-110611291198} -> C:\Program Files (x86)\HQuality-v3V01.11\HQuality-v3V01.11-bho64.dll No File
BHO-x32: enterprise 1.1 -> {11111111-1111-1111-1111-110611211170} -> C:\Program Files (x86)\enterprise 1.1\enterprise 1.1-bho.dll No File
BHO-x32: HQuality-v3V01.11 -> {11111111-1111-1111-1111-110611291198} -> C:\Program Files (x86)\HQuality-v3V01.11\HQuality-v3V01.11-bho.dll No File
2014-11-01 15:06 - 2014-11-01 15:06 - 00000000 ____D () C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
C:\Users\Grimseethe\AppData\Local\Temp\enfor_mation2.exe
CHR Extension: (GoSave) - C:\Users\Grimseethe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfcokjblpachgjbipegjjbbbmhjnignk [2014-10-27]
2014-10-27 11:47 - 2014-10-29 08:02 - 00000000 ____D () C:\ProgramData\YoutubeAdBlocke
2014-11-01 09:08 - 2014-11-01 15:08 - 02043824 _____ (HQuality3V01.11) C:\Users\Grimseethe\AppData\Roaming\KSGF.exe
2014-11-01 09:08 - 2014-11-01 15:08 - 01551792 _____ (HQuality3V01.11) C:\Users\Grimseethe\AppData\Roaming\ITPCD.exe
2014-11-01 09:08 - 2014-11-01 15:08 - 00004378 _____ () C:\Windows\System32\Tasks\KSGF
2014-11-01 09:08 - 2014-11-01 15:08 - 00004378 _____ () C:\Windows\System32\Tasks\ITPCD

reboot:
emptytemp:
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1529992669-352850834-4173221306-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe not found.
C:\Program Files (x86)\Paltalk Messenger\paltalk.exe not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611211170}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110611211170}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611291198}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110611291198}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611211170}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611211170}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611291198}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611291198}" => Key deleted successfully.
"C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup" => File/Directory not found.
C:\Users\Grimseethe\AppData\Local\Temp\enfor_mation2.exe => Moved successfully.
C:\Users\Grimseethe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfcokjblpachgjbipegjjbbbmhjnignk => Moved successfully.
C:\ProgramData\YoutubeAdBlocke => Moved successfully.
C:\Users\Grimseethe\AppData\Roaming\KSGF.exe => Moved successfully.
C:\Users\Grimseethe\AppData\Roaming\ITPCD.exe => Moved successfully.
C:\Windows\System32\Tasks\KSGF => Moved successfully.
C:\Windows\System32\Tasks\ITPCD => Moved successfully.
EmptyTemp: => Removed 895.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====



#27
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,

I need a new FRST log and an Additions.txt log too.

To do that:

Open FRST on the desktop: right-click it and run as administrator. Make sure the Additions.txt box at the bottom is checked so it creates that particular log, then run a scan and post both log reports in your next reply to me.

Thanks
Joe :)

#28
Grimseethe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
zep516, on 04 Nov 2014 - 12:27 AM, said:

Hello,

I need a new FRST log and an Additions.txt log too.

To do that:

Open FRST on the desktop: right-click it and run as administrator. Make sure the Additions.txt box at the bottom is checked so it creates that particular log, then run a scan and post both log reports in your next reply to me.

Thanks
Joe :)

FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Grimseethe (administrator) on JAMIE on 04-11-2014 07:35:50
Running from C:\Users\Grimseethe\Desktop
Loaded Profile: Grimseethe (Available profiles: Grimseethe)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [855608 2007-09-27] (Microsoft Corporation)
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-10-24] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1529992669-352850834-4173221306-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938624 2014-10-21] (Valve Corporation)
Startup: C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
Startup: C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearc...3DB4BA6305A45A0
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {4B51C980-C6B0-11E1-9136-AED16088709B} URL = http://www.safesearc...3DB4BA6305A45A0
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search
SearchScopes: HKCU - {D2B51BD8-338B-46FC-81F0-EB5AD0C12908} URL = https://uk.search.ya...&p={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} https://catalog.upda...b?1410528890680
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] ()
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn [2014-10-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014-09-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014-09-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014-09-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014-09-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014-09-29]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Grimseethe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Grimseethe\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck [2014-11-03]
CHR Extension: (No Name) - C:\Users\Grimseethe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmepfkpjangbajhmnkaghmajcncgekdp [2014-10-30]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho []
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-29]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [2014-09-29]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-07-09] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X] <==== ATTENTION
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-10-08] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-10-08] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 RzDxgk; C:\WINDOWS\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R1 RzFilter; C:\WINDOWS\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)
R3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [35496 2014-09-05] (Razer Inc)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 07:35 - 2014-11-04 07:36 - 00018401 _____ () C:\Users\Grimseethe\Desktop\FRST.txt
2014-11-03 15:06 - 2014-11-03 15:06 - 00000000 ____D () C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-11-02 12:06 - 2014-11-03 21:06 - 00004028 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-11-01 23:08 - 2014-11-04 07:35 - 00000000 ____D () C:\FRST
2014-11-01 23:08 - 2014-11-03 09:41 - 02114560 _____ (Farbar) C:\Users\Grimseethe\Desktop\FRST64.exe
2014-11-01 15:08 - 2014-11-04 07:30 - 00005198 _____ () C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-11.job
2014-11-01 15:08 - 2014-11-04 07:30 - 00004852 _____ () C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-4.job
2014-11-01 15:08 - 2014-11-04 07:30 - 00004508 _____ () C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-3.job
2014-11-01 15:08 - 2014-11-04 07:30 - 00003472 _____ () C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-1.job
2014-11-01 15:08 - 2014-11-04 07:30 - 00002460 _____ () C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5_user.job
2014-11-01 15:08 - 2014-11-04 07:30 - 00002460 _____ () C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5.job
2014-11-01 15:08 - 2014-11-04 07:30 - 00002124 _____ () C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-2.job
2014-11-01 15:08 - 2014-11-01 15:08 - 00008202 _____ () C:\Windows\System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-11
2014-11-01 15:08 - 2014-11-01 15:08 - 00007856 _____ () C:\Windows\System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-4
2014-11-01 15:08 - 2014-11-01 15:08 - 00007512 _____ () C:\Windows\System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-3
2014-11-01 15:08 - 2014-11-01 15:08 - 00006476 _____ () C:\Windows\System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-1
2014-11-01 15:08 - 2014-11-01 15:08 - 00005464 _____ () C:\Windows\System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5
2014-11-01 15:08 - 2014-11-01 15:08 - 00005128 _____ () C:\Windows\System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-2
2014-11-01 09:08 - 2014-11-04 07:30 - 00001368 _____ () C:\Windows\Tasks\ITPCD.job
2014-11-01 09:08 - 2014-11-04 07:30 - 00001366 _____ () C:\Windows\Tasks\KSGF.job
2014-11-01 08:29 - 2014-11-04 07:30 - 00002454 _____ () C:\Windows\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-5_user.job
2014-11-01 08:29 - 2014-11-04 07:30 - 00002454 _____ () C:\Windows\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-5.job
2014-11-01 08:29 - 2014-11-01 08:29 - 00005458 _____ () C:\Windows\System32\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-5
2014-11-01 08:29 - 2014-11-01 08:29 - 00000000 ____D () C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2014-11-01 08:28 - 2014-11-04 07:30 - 00005192 _____ () C:\Windows\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-11.job
2014-11-01 08:28 - 2014-11-04 07:30 - 00004166 _____ () C:\Windows\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-4.job
2014-11-01 08:28 - 2014-11-04 07:30 - 00003124 _____ () C:\Windows\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-1.job
2014-11-01 08:28 - 2014-11-04 07:30 - 00002118 _____ () C:\Windows\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-2.job
2014-11-01 08:28 - 2014-11-01 08:29 - 00005122 _____ () C:\Windows\System32\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-2
2014-11-01 08:28 - 2014-11-01 08:28 - 00008196 _____ () C:\Windows\System32\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-11
2014-11-01 08:28 - 2014-11-01 08:28 - 00007170 _____ () C:\Windows\System32\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-4
2014-11-01 08:28 - 2014-11-01 08:28 - 00006128 _____ () C:\Windows\System32\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-1
2014-11-01 08:28 - 2014-11-01 08:28 - 00000000 ____D () C:\Users\Grimseethe\AppData\Roaming\Paltalk
2014-11-01 08:26 - 2014-11-01 08:28 - 00000165 _____ () C:\Windows\Reimage.ini
2014-11-01 08:26 - 2013-08-22 18:09 - 00217176 _____ () C:\Windows\SysWOW64\unrar.dll
2014-10-30 18:08 - 2014-11-04 07:30 - 00000980 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-10-30 18:08 - 2014-11-03 21:13 - 00000984 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-10-30 18:08 - 2014-11-01 15:08 - 00003956 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-10-30 18:08 - 2014-11-01 15:08 - 00003720 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-10-30 18:08 - 2014-10-30 18:08 - 00000000 ____D () C:\Users\Grimseethe\AppData\Local\globalUpdate
2014-10-30 09:09 - 2014-10-30 09:09 - 00000299 _____ () C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2014-10-29 08:46 - 2014-10-29 08:46 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-10-29 08:45 - 2014-10-29 08:45 - 05952624 _____ ( ) C:\Users\Grimseethe\Documents\adblockplusie-1.2.exe
2014-10-28 14:19 - 2014-10-28 14:20 - 00028145 _____ () C:\Users\Grimseethe\Documents\Addition.txt
2014-10-27 11:46 - 2014-10-29 08:11 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-10-27 11:46 - 2014-10-29 08:01 - 00000000 ____D () C:\ProgramData\fc1bd4f40e0c0325
2014-10-27 11:46 - 2014-10-27 11:46 - 00000000 ____D () C:\Users\Grimseethe\AppData\Local\Torch
2014-10-27 11:46 - 2014-10-27 11:46 - 00000000 ____D () C:\Users\Grimseethe\AppData\Local\Comodo
2014-10-27 11:46 - 2014-10-27 11:46 - 00000000 ____D () C:\Users\Grimseethe\AppData\Local\Chromatic Browser
2014-10-27 11:46 - 2014-10-27 11:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-10-27 11:46 - 2014-10-27 11:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-10-27 11:46 - 2014-10-27 11:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-10-27 11:46 - 2014-10-27 11:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-10-27 11:46 - 2014-10-27 11:46 - 00000000 ____D () C:\Users\Administrator
2014-10-27 11:45 - 2014-10-27 11:45 - 00000180 _____ () C:\Users\Grimseethe\Desktop.lnk
2014-10-27 11:02 - 2014-10-27 11:02 - 01706144 _____ (Thisisu) C:\Users\Grimseethe\Documents\JRT.exe
2014-10-27 11:02 - 2014-10-27 11:02 - 00014130 _____ () C:\Users\Grimseethe\Documents\Adwcleaner.txt
2014-10-27 10:46 - 2014-10-27 10:46 - 01998336 _____ () C:\Users\Grimseethe\Documents\adwcleaner_4.002.exe
2014-10-26 10:10 - 2014-10-26 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-10-26 09:21 - 2014-10-26 09:21 - 00000000 _____ () C:\autoexec.bat
2014-10-26 06:20 - 2014-10-26 09:15 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-26 06:20 - 2014-10-26 06:20 - 11194928 _____ (SurfRight B.V.) C:\Users\Grimseethe\Documents\HitmanPro_x64.exe
2014-10-26 06:17 - 2014-10-26 09:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 06:16 - 2014-10-26 06:16 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Grimseethe\Documents\mbam-setup-2.0.3.1025.exe
2014-10-26 06:16 - 2014-10-26 06:16 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-26 06:16 - 2014-10-26 06:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-26 06:16 - 2014-10-26 06:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-26 06:16 - 2014-10-26 06:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-26 06:16 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-26 06:16 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-26 06:16 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-26 06:12 - 2014-10-26 06:12 - 00000000 ____D () C:\Windows\ERUNT
2014-10-26 06:09 - 2014-10-27 11:02 - 00000000 ____D () C:\AdwCleaner
2014-10-25 20:07 - 2014-10-25 20:07 - 00003402 _____ () C:\Windows\System32\Tasks\DonutQuotes
2014-10-24 20:06 - 2014-10-24 20:06 - 00000000 ____D () C:\ProgramData\SafeUpdaterData
2014-10-24 17:06 - 2014-10-24 17:06 - 00000000 ____D () C:\Windows\System32\Tasks\SystemOperations
2014-10-24 17:06 - 2014-10-24 17:06 - 00000000 ____D () C:\ProgramData\SystemOperations
2014-10-24 16:45 - 2014-11-04 07:31 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9F381E5E-2074-4B46-83AC-8A153D1A2FB7}
2014-10-24 16:32 - 2014-10-24 16:32 - 00000000 ____D () C:\Users\Grimseethe\AppData\Roaming\GameOff
2014-10-19 13:54 - 2014-10-19 13:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-18 18:37 - 2014-10-18 18:37 - 00000000 ____D () C:\ProgramData\Creative Labs
2014-10-18 18:18 - 2014-10-25 20:39 - 00000000 ____D () C:\Users\Grimseethe\Documents\The Lord of the Rings Online
2014-10-18 18:18 - 2014-10-19 08:35 - 00002061 _____ () C:\Users\Grimseethe\Desktop\The Lord of the Rings Online™.lnk
2014-10-18 18:14 - 2014-10-18 18:14 - 08711768 _____ () C:\Users\Grimseethe\Documents\LOTROProgressive_4.28.exe
2014-10-18 18:14 - 2014-10-18 18:14 - 00000000 ____D () C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud
2014-10-18 17:26 - 2014-10-18 17:26 - 00000222 _____ () C:\Users\Grimseethe\Desktop\RPG Maker VX Ace.url
2014-10-16 08:40 - 2014-09-27 22:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 08:40 - 2014-09-04 00:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-16 08:40 - 2014-09-03 23:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-16 08:40 - 2014-09-03 23:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-16 08:39 - 2014-09-08 03:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-16 08:39 - 2014-09-08 01:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-16 08:39 - 2014-09-08 01:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-16 08:39 - 2014-09-08 00:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-16 08:39 - 2014-09-08 00:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-16 08:39 - 2014-09-08 00:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-16 08:39 - 2014-09-08 00:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-16 08:39 - 2014-09-08 00:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-16 08:39 - 2014-09-08 00:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-16 08:39 - 2014-09-08 00:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-16 08:39 - 2014-09-07 23:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-16 08:39 - 2014-09-07 23:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-16 08:39 - 2014-09-07 23:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-16 08:39 - 2014-09-07 23:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-16 08:38 - 2014-09-25 22:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 08:38 - 2014-09-25 22:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 08:38 - 2014-09-25 22:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 08:38 - 2014-09-25 22:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 08:38 - 2014-09-25 22:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 08:38 - 2014-09-25 22:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 08:38 - 2014-09-19 02:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 08:38 - 2014-09-19 01:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 08:38 - 2014-09-19 01:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 08:38 - 2014-09-19 01:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 08:38 - 2014-09-19 01:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 08:38 - 2014-09-19 01:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 08:38 - 2014-09-19 01:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 08:38 - 2014-09-19 01:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 08:38 - 2014-09-19 01:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 08:38 - 2014-09-19 01:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 08:38 - 2014-09-19 00:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 08:38 - 2014-09-19 00:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 08:38 - 2014-09-19 00:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 08:38 - 2014-09-19 00:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 08:38 - 2014-09-19 00:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 08:38 - 2014-09-19 00:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 08:38 - 2014-09-19 00:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 08:38 - 2014-09-19 00:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 08:38 - 2014-09-19 00:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 08:38 - 2014-09-19 00:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 08:38 - 2014-09-18 23:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 08:38 - 2014-09-18 23:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 08:38 - 2014-09-18 23:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 08:38 - 2014-09-18 23:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 08:38 - 2014-09-13 06:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 08:38 - 2014-09-13 05:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 08:37 - 2014-09-04 00:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 08:37 - 2014-09-04 00:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 08:37 - 2014-08-16 04:08 - 21195616 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-16 08:37 - 2014-08-16 04:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-10-16 08:37 - 2014-08-16 04:01 - 01710184 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-16 08:37 - 2014-08-16 03:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-16 08:37 - 2014-08-16 03:57 - 02498880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-16 08:37 - 2014-08-16 03:57 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-16 08:37 - 2014-08-16 03:16 - 18722600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-16 08:37 - 2014-08-16 03:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-10-16 08:37 - 2014-08-16 03:03 - 01467384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-16 08:37 - 2014-08-16 01:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-16 08:37 - 2014-08-16 01:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-10-16 08:37 - 2014-08-16 00:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-10-16 08:37 - 2014-08-16 00:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-10-16 08:37 - 2014-08-16 00:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2014-10-16 08:37 - 2014-08-16 00:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-10-16 08:37 - 2014-08-16 00:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2014-10-16 08:37 - 2014-08-16 00:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-10-16 08:37 - 2014-08-16 00:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-10-16 08:37 - 2014-08-16 00:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-10-16 08:37 - 2014-08-16 00:29 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-16 08:37 - 2014-08-16 00:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-10-16 08:37 - 2014-08-16 00:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-10-16 08:37 - 2014-08-16 00:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-10-16 08:37 - 2014-08-16 00:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-16 08:37 - 2014-08-16 00:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-10-16 08:37 - 2014-08-16 00:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-10-16 08:37 - 2014-08-16 00:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-10-16 08:37 - 2014-08-16 00:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 08:37 - 2014-08-16 00:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-10-16 08:37 - 2014-08-16 00:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-10-16 08:37 - 2014-08-16 00:11 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-10-16 08:37 - 2014-08-16 00:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-10-16 08:37 - 2014-08-16 00:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 08:37 - 2014-08-16 00:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-10-16 08:37 - 2014-07-31 23:22 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-16 08:36 - 2014-10-09 22:16 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 08:36 - 2014-10-08 22:09 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 08:36 - 2014-09-19 01:24 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 08:36 - 2014-09-13 06:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 08:36 - 2014-09-13 05:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 08:36 - 2014-08-29 01:58 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-10-16 08:36 - 2014-08-28 23:56 - 02646016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-16 08:36 - 2014-08-28 23:47 - 02321920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-15 08:58 - 2014-10-15 08:58 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-15 08:58 - 2014-10-15 08:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-15 08:58 - 2014-10-15 08:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-15 08:58 - 2014-10-15 08:58 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-15 08:58 - 2014-10-15 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-15 08:58 - 2014-10-15 08:58 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-11 17:28 - 2014-10-26 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-09 09:07 - 2014-10-09 09:07 - 00089088 _____ (Razer Inc) C:\Windows\SysWOW64\rzdevinfo.dll
2014-10-08 18:17 - 2014-10-08 18:17 - 00000000 _____ () C:\Users\Grimseethe\AppData\Local\{D3D922EF-DC66-4437-9B46-B51D5B83DD94}
2014-10-07 10:36 - 2014-10-07 10:36 - 133616624 _____ () C:\Users\Grimseethe\Documents\Apache_OpenOffice_4.1.1_Win_x86_install_en-GB.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 07:35 - 2013-07-09 17:42 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1529992669-352850834-4173221306-1001
2014-11-04 07:30 - 2014-09-29 14:39 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-04 07:30 - 2013-07-23 10:28 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-04 07:28 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru
2014-11-03 21:50 - 2014-02-08 11:52 - 00000000 ___RD () C:\Users\Grimseethe\Documents\File001
2014-11-03 21:46 - 2013-07-09 18:18 - 01147904 ___SH () C:\Users\Grimseethe\Documents\Thumbs.db
2014-11-03 21:19 - 2013-07-23 10:28 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-03 20:56 - 2013-10-29 18:25 - 00000000 ____D () C:\Users\Grimseethe\AppData\Local\Battle.net
2014-11-03 20:25 - 2013-10-24 22:44 - 02076555 _____ () C:\Windows\WindowsUpdate.log
2014-11-03 15:42 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-03 15:41 - 2013-09-29 20:03 - 01451870 _____ () C:\Windows\PFRO.log
2014-11-03 15:41 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-03 09:37 - 2014-08-30 12:46 - 00000000 ____D () C:\Users\Grimseethe\AppData\Roaming\vlc
2014-11-03 09:14 - 2013-07-14 09:41 - 00000000 ____D () C:\Users\Grimseethe\AppData\Local\CrashDumps
2014-11-02 10:24 - 2013-08-19 21:45 - 00000000 ____D () C:\ProgramData\HappyCloud
2014-11-02 09:15 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-01 15:08 - 2013-07-23 10:28 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-01 08:42 - 2013-09-30 04:11 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-01 08:36 - 2013-08-22 14:44 - 00509888 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-31 10:28 - 2013-07-10 10:11 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-31 10:10 - 2013-10-24 22:48 - 00000000 ____D () C:\Users\Grimseethe
2014-10-30 16:59 - 2014-04-22 14:30 - 00412720 _____ () C:\Windows\DPINST.LOG
2014-10-30 12:50 - 2014-04-13 08:56 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-10-29 18:42 - 2013-09-06 12:52 - 00000000 ____D () C:\Users\Grimseethe\Documents\Jamie CV
2014-10-29 08:11 - 2013-10-24 23:02 - 00000290 __RSH () C:\Users\Grimseethe\ntuser.pol
2014-10-29 08:10 - 2012-07-26 08:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-28 19:18 - 2013-09-16 15:22 - 00000000 ____D () C:\Users\Grimseethe\AppData\Roaming\Awesomium
2014-10-27 13:00 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-27 11:46 - 2013-07-23 10:28 - 00000000 ____D () C:\Users\Grimseethe\AppData\Local\Google
2014-10-26 12:46 - 2013-08-22 15:36 - 00000000 ___RD () C:\Windows\DesktopTileResources
2014-10-26 12:22 - 2013-08-22 15:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-26 11:53 - 2014-03-28 11:30 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-26 11:53 - 2014-03-28 11:30 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-26 11:53 - 2013-07-09 18:06 - 00000000 ____D () C:\ProgramData\Skype
2014-10-26 06:36 - 2013-08-22 15:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-26 04:27 - 2014-07-31 06:27 - 00000096 _____ () C:\Users\Grimseethe\AppData\Roaming\WB.CFG
2014-10-24 11:16 - 2014-04-13 08:55 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-18 18:21 - 2013-07-09 18:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-18 18:15 - 2014-03-05 13:58 - 00000000 ___RD () C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbine
2014-10-18 18:15 - 2013-08-19 21:46 - 00000000 ____D () C:\ProgramData\Turbine
2014-10-18 10:19 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\rescache
2014-10-17 18:14 - 2013-07-23 10:28 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 18:14 - 2013-07-23 10:28 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 13:12 - 2013-08-22 15:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-17 13:12 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\WinStore
2014-10-17 13:12 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-10-17 13:12 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\en-GB
2014-10-17 13:12 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-17 13:12 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-17 13:12 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\Camera
2014-10-17 09:00 - 2012-07-26 07:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-17 08:58 - 2013-07-19 16:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 08:56 - 2013-07-11 07:57 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-17 08:55 - 2014-07-10 17:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 07:18 - 2013-07-09 18:06 - 00000000 ____D () C:\Users\Grimseethe\AppData\Roaming\Skype
2014-10-15 08:58 - 2013-09-24 16:54 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-11 16:39 - 2013-08-22 14:46 - 00337302 _____ () C:\Windows\setupact.log
2014-10-08 08:07 - 2014-09-29 14:39 - 00771272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-10-08 08:07 - 2014-09-29 14:39 - 00142344 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-10-06 07:26 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\NDF

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-03 11:01

==================== End Of Log ============================

Additional log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Grimseethe at 2014-11-04 07:36:54
Running from C:\Users\Grimseethe\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{1CAFFEC6-23B4-484B-B17B-3200BE5C5636}) (Version: 99.9 - Eyeo GmbH)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 4.28 - Happy Cloud, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.1 (HKLM\...\{8A837C47-2B21-4FDF-8370-41A1EB6A26E8}) (Version: 1.10.123.0 - Microsoft)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.8.23 - Symantec Corporation)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 344.11 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{28B88897-774A-4005-BBFF-663B1F8EAA5A}) (Version: 4.10.9764 - Apache Software Foundation)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.17.22879 - Razer Inc.)
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - Enterbrain)
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Lord of the Rings Online (HKCU\...\lotro_highres_en) (Version:  - )
Windows Phone app for desktop (HKLM-x32\...\{8C9B338E-6815-41F2-9FE3-337715D1524E}) (Version: 1.0.1720.1 - Microsoft Corporation)
WinRAR 5.11 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.1 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1529992669-352850834-4173221306-1001_Classes\CLSID\{8aaa59b7-f0a8-4973-8024-9687e30d7e20}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================

07-10-2014 10:37:50 Installed OpenOffice 4.1.1
15-10-2014 08:57:39 Installed Java 7 Update 71
18-10-2014 18:20:19 Removed Arc
25-10-2014 21:14:33 Removed Microsoft ASP.NET MVC 4 Runtime
27-10-2014 10:24:53 OTL Restore Point - 27/10/2014 10:24:52
29-10-2014 08:00:13 Removed Adblock Plus for IE (32-bit and 64-bit)
01-11-2014 08:26:59 Installed Free RMVB Player.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2014-10-28 09:54 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {20854C12-4667-40A4-A55A-19B58A54BCB6} - System32\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-2 => C:\Program Files (x86)\enterprise 1.1\048b5f9a-869e-4185-b56c-ce66dd69e1fe-2.exe
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2FBEA1B9-85B9-4CF0-9A40-A715216E253F} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-4 => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-4.exe <==== ATTENTION
Task: {3334C2FF-A22F-400E-873D-CF55ADF360C7} - System32\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-5 => C:\Program Files (x86)\enterprise 1.1\048b5f9a-869e-4185-b56c-ce66dd69e1fe-5.exe
Task: {341B1342-8248-4824-9DCB-BB4353FC85AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {37531B9B-EFC6-458B-9566-96DBC507CB20} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3D71233D-5576-4676-A14F-8C96F7244824} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {3D8DC142-5344-40D6-A489-B0BBBD7A8092} - System32\Tasks\DonutQuotes => C:\Program Files (x86)\donutleads\ScheduledTask.exe
Task: {402A6155-47CE-4F1B-A9F6-B77520AD4406} - System32\Tasks\SystemOperations\Safe Updater 08 => C:\ProgramData\SystemOperations\SafeUpdater\SafeUpdater.exe [2014-10-23] (PicColor)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {54B0E7D9-A555-4901-B871-A4F896CDAC1D} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {5B28B9DF-A647-4F99-B397-6A5047E7942D} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5 => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-5.exe <==== ATTENTION
Task: {5B294780-9D2D-408F-822B-C33A5D8A9F7A} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-3 => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-3.exe <==== ATTENTION
Task: {64FF85B6-28A6-4AEF-83BE-1F1A148C14B7} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5_user => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-5.exe <==== ATTENTION
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6F40B3C6-8B2C-4B1B-883F-DD3D75080E46} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7CE25BE9-5887-4669-9B9B-E1EE6DEEEE9D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {7FC53462-DE3F-4E3A-88D1-C2F694DBE119} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-11 => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-11.exe <==== ATTENTION
Task: {8664D02A-B127-4129-93D8-3E3B01EBDD37} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8D3BE22C-8AA1-49EC-A761-C67CAF87C9C2} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-2 => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-2.exe <==== ATTENTION
Task: {91D8DBBD-48C5-4505-B26A-893B02B0F283} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A25ACBC9-C5FA-4A3B-8CB2-71CFAEBE5031} - System32\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-4 => C:\Program Files (x86)\enterprise 1.1\048b5f9a-869e-4185-b56c-ce66dd69e1fe-4.exe
Task: {A26BC139-4191-43BB-B3F1-9BCDAA9F0E77} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-17] (Microsoft Corporation)
Task: {AFBEF24E-9477-4EE5-B4CE-B74581D3CD44} - System32\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-11 => C:\Program Files (x86)\enterprise 1.1\048b5f9a-869e-4185-b56c-ce66dd69e1fe-11.exe
Task: {B2EB1931-869F-4127-8CB4-AD34D46D4F73} - System32\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-5_user => C:\Program Files (x86)\enterprise 1.1\048b5f9a-869e-4185-b56c-ce66dd69e1fe-5.exe
Task: {C5C4AD86-26D0-411A-A185-076C77DD6270} - \KSGF No Task File <==== ATTENTION
Task: {C7FBA46A-B418-4ECD-8D01-D179BE538901} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-1 => C:\Program Files (x86)\HQuality-v3V01.11\HQuality-v3V01.11-codedownloader.exe <==== ATTENTION
Task: {CEF34E7A-5201-48E8-B27A-8954A1A1D5C5} - System32\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-1 => C:\Program Files (x86)\enterprise 1.1\enterprise 1.1-codedownloader.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D4717EFF-E0CA-41A3-A413-457FFC1B7CC7} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DD979D16-B1A5-4B19-BF5E-6F9B1F50AA0C} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E8E82BAE-96F5-44EF-8B6F-5D016761332C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {F2005DDE-AD23-407D-8FBB-19EBDCB7CA51} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {FAF107B9-4B18-452B-93EC-359D232651F3} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {FF589A2B-FE8E-47BD-B49C-E1F1E41E0A0F} - \ITPCD No Task File <==== ATTENTION
Task: C:\Windows\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-1.job => C:\Program Files (x86)\enterprise 1.1\enterprise 1.1-codedownloader.exe
Task: C:\Windows\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-11.job => C:\Program Files (x86)\enterprise 1.1\048b5f9a-869e-4185-b56c-ce66dd69e1fe-11.exe
Task: C:\Windows\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-2.job => C:\Program Files (x86)\enterprise 1.1\048b5f9a-869e-4185-b56c-ce66dd69e1fe-2.exe
Task: C:\Windows\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-4.job => C:\Program Files (x86)\enterprise 1.1\048b5f9a-869e-4185-b56c-ce66dd69e1fe-4.exe
Task: C:\Windows\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-5.job => C:\Program Files (x86)\enterprise 1.1\048b5f9a-869e-4185-b56c-ce66dd69e1fe-5.exe
Task: C:\Windows\Tasks\048b5f9a-869e-4185-b56c-ce66dd69e1fe-5_user.job => C:\Program Files (x86)\enterprise 1.1\048b5f9a-869e-4185-b56c-ce66dd69e1fe-5.exe
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-1.job => C:\Program Files (x86)\HQuality-v3V01.11\HQuality-v3V01.11-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-11.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-2.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-3.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-4.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5_user.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ITPCD.job => C:\Users\Grimseethe\AppData\Roaming\ITPCD.exe <==== ATTENTION
Task: C:\Windows\Tasks\KSGF.job => C:\Users\Grimseethe\AppData\Roaming\KSGF.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-10-24 22:45 - 2014-09-13 21:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-06 14:00 - 2014-03-06 14:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Nvtmru"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKCU\...\StartupApproved\Run: => "Steam"
HKCU\...\StartupApproved\Run: => "WebCake Desktop"
HKCU\...\StartupApproved\Run: => "Spotify"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"
HKCU\...\StartupApproved\Run: => "fastclean"
HKCU\...\StartupApproved\Run: => "Akamai NetSession Interface"

========================= Accounts: ==========================

Administrator (S-1-5-21-1529992669-352850834-4173221306-500 - Administrator - Disabled)
Grimseethe (S-1-5-21-1529992669-352850834-4173221306-1001 - Administrator - Enabled) => C:\Users\Grimseethe
Guest (S-1-5-21-1529992669-352850834-4173221306-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1529992669-352850834-4173221306-1006 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/03/2014 08:05:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jamie)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/03/2014 08:05:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jamie)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/03/2014 03:39:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11d8

Start Time: 01cff774235b0899

Termination Time: 93

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 95f56863-636f-11e4-bed9-902b34996fa3

Faulting package full name:

Faulting package-relative application ID:

Error: (11/03/2014 02:25:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jamie)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/03/2014 02:24:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jamie)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/03/2014 10:27:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jamie)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/03/2014 09:45:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jamie)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/03/2014 09:35:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jamie)
Description: Activation of application Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/03/2014 09:35:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17031, time stamp: 0x53085927
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebf2e
Exception code: 0x00000004
Fault offset: 0x000000000000606c
Faulting process ID: 0x3ae8
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report ID: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5

Error: (11/03/2014 09:14:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jamie)
Description: Activation of application Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (11/03/2014 09:14:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VO Service component service terminated unexpectedly. It has done this 1 time(s).

Error: (11/03/2014 08:05:49 PM) (Source: DCOM) (EventID: 10010) (User: Jamie)
Description: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.4

Error: (11/03/2014 08:05:30 PM) (Source: DCOM) (EventID: 10010) (User: Jamie)
Description: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.4

Error: (11/03/2014 03:42:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%2

Error: (11/03/2014 03:41:50 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on Hyper-V logical processor 5 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (11/03/2014 03:41:50 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on Hyper-V logical processor 4 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (11/03/2014 03:41:50 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on Hyper-V logical processor 3 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (11/03/2014 03:41:50 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on Hyper-V logical processor 2 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (11/03/2014 03:41:50 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on Hyper-V logical processor 1 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (11/03/2014 03:41:50 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on Hyper-V logical processor 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Microsoft Office Sessions:
=========================
Error: (11/03/2014 08:05:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jamie)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (11/03/2014 08:05:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jamie)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (11/03/2014 03:39:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1734411d801cff774235b089993C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE95f56863-636f-11e4-bed9-902b34996fa3

Error: (11/03/2014 02:25:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jamie)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (11/03/2014 02:24:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jamie)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (11/03/2014 10:27:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jamie)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (11/03/2014 09:45:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jamie)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (11/03/2014 09:35:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jamie)
Description: Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo-2144927141

Error: (11/03/2014 09:35:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.1703153085927KERNELBASE.dll6.3.9600.1727853eebf2e00000004000000000000606c3ae801cff7498f3c71e7C:\Windows\system32\wwahost.exeC:\Windows\system32\KERNELBASE.dllcd1fd3d6-633c-11e4-bed8-902b34996fa3Microsoft.ZuneVideo_2.6.376.0_x64__8wekyb3d8bbweMicrosoft.ZuneVideo

Error: (11/03/2014 09:14:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jamie)
Description: Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo-2144927141

==================== Memory info ===========================

Processor: AMD FX™-6200 Six-Core Processor
Percentage of memory in use: 21%
Total physical RAM: 8173.55 MB
Available physical RAM: 6424.33 MB
Total Pagefile: 9453.55 MB
Available Pagefile: 7321.71 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1863.01 GB) (Free:1397.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Hard Drive) (Fixed) (Total:931.51 GB) (Free:931.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 125FECD7)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 8CA5DBDC)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#29
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,

You were not kidding, this thing keeps coming back on me. I have a fix to run. You also picked up more adware that we will address.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
Startup: C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X] <==== ATTENTION
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
Task: {2FBEA1B9-85B9-4CF0-9A40-A715216E253F} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-4 => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-4.exe <==== ATTENTION
Task: {3D71233D-5576-4676-A14F-8C96F7244824} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {54B0E7D9-A555-4901-B871-A4F896CDAC1D} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {5B28B9DF-A647-4F99-B397-6A5047E7942D} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5 => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-5.exe <==== ATTENTION
Task: {5B294780-9D2D-408F-822B-C33A5D8A9F7A} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-3 => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-3.exe <==== ATTENTION
Task: {64FF85B6-28A6-4AEF-83BE-1F1A148C14B7} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5_user => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-5.exe <==== ATTENTION
Task: {7FC53462-DE3F-4E3A-88D1-C2F694DBE119} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-11 => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-11.exe <==== ATTENTION
Task: {8D3BE22C-8AA1-49EC-A761-C67CAF87C9C2} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-2 => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-2.exe <==== ATTENTION
Task: {91D8DBBD-48C5-4505-B26A-893B02B0F283} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {C5C4AD86-26D0-411A-A185-076C77DD6270} - \KSGF No Task File <==== ATTENTION
Task: {C7FBA46A-B418-4ECD-8D01-D179BE538901} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-1 => C:\Program Files (x86)\HQuality-v3V01.11\HQuality-v3V01.11-codedownloader.exe <==== ATTENTION
Task: {FF589A2B-FE8E-47BD-B49C-E1F1E41E0A0F} - \ITPCD No Task File <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-1.job => C:\Program Files (x86)\HQuality-v3V01.11\HQuality-v3V01.11-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-11.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-2.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-3.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-4.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5_user.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\ITPCD.job => C:\Users\Grimseethe\AppData\Roaming\ITPCD.exe <==== ATTENTION
Task: C:\Windows\Tasks\KSGF.job => C:\Users\Grimseethe\AppData\Roaming\KSGF.exe <==== ATTENTION
reboot:
end
Click Format and ensure Word Wrap is unchecked.
Save as Fixlist.txt to your Desktop (must be in this location).
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.

Next, let's look in the registry too.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    MyPC Backup
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


In your next reply, post:
  • Fixlog.txt
  • A new FRST Log
  • SystemLook.txt
Thanks
Joe :)

#30
Grimseethe

    Member

  • Topic Starter
  • Member
  • 18 posts
zep516, on 05 Nov 2014 - 03:37 AM, said:

Hello,

You were not kidding, this thing keeps coming back on me. I have a fix to run. You also picked up more adware that we will address.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 


start
Startup: C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X] <==== ATTENTION
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
Task: {2FBEA1B9-85B9-4CF0-9A40-A715216E253F} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-4 => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-4.exe <==== ATTENTION
Task: {3D71233D-5576-4676-A14F-8C96F7244824} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {54B0E7D9-A555-4901-B871-A4F896CDAC1D} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {5B28B9DF-A647-4F99-B397-6A5047E7942D} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5 => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-5.exe <==== ATTENTION
Task: {5B294780-9D2D-408F-822B-C33A5D8A9F7A} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-3 => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-3.exe <==== ATTENTION
Task: {64FF85B6-28A6-4AEF-83BE-1F1A148C14B7} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5_user => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-5.exe <==== ATTENTION
Task: {7FC53462-DE3F-4E3A-88D1-C2F694DBE119} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-11 => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-11.exe <==== ATTENTION
Task: {8D3BE22C-8AA1-49EC-A761-C67CAF87C9C2} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-2 => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-2.exe <==== ATTENTION
Task: {91D8DBBD-48C5-4505-B26A-893B02B0F283} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {C5C4AD86-26D0-411A-A185-076C77DD6270} - \KSGF No Task File <==== ATTENTION
Task: {C7FBA46A-B418-4ECD-8D01-D179BE538901} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-1 => C:\Program Files (x86)\HQuality-v3V01.11\HQuality-v3V01.11-codedownloader.exe <==== ATTENTION
Task: {FF589A2B-FE8E-47BD-B49C-E1F1E41E0A0F} - \ITPCD No Task File <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-1.job => C:\Program Files (x86)\HQuality-v3V01.11\HQuality-v3V01.11-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-11.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-2.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-3.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-4.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5_user.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-5.exe <==== ATTENTION
ask: C:\Windows\Tasks\ITPCD.job => C:\Users\Grimseethe\AppData\Roaming\ITPCD.exe <==== ATTENTION
Task: C:\Windows\Tasks\KSGF.job => C:\Users\Grimseethe\AppData\Roaming\KSGF.exe <==== ATTENTION
reboot:
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

Next, let's look in the registry too.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    MyPC Backup
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


In your next reply, post:
  • Fixlog.txt
  • A new FRST Log
  • SystemLook.txt
Thanks
Joe :)

 

Fixtext log

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Grimseethe at 2014-11-05 11:23:09 Run:3
Running from C:\Users\Grimseethe\Desktop
Loaded Profile: Grimseethe (Available profiles: Grimseethe)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Startup: C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X] <==== ATTENTION
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
Task: {2FBEA1B9-85B9-4CF0-9A40-A715216E253F} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-4 => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-4.exe <==== ATTENTION
Task: {3D71233D-5576-4676-A14F-8C96F7244824} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {54B0E7D9-A555-4901-B871-A4F896CDAC1D} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {5B28B9DF-A647-4F99-B397-6A5047E7942D} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5 => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-5.exe <==== ATTENTION
Task: {5B294780-9D2D-408F-822B-C33A5D8A9F7A} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-3 => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-3.exe <==== ATTENTION
Task: {64FF85B6-28A6-4AEF-83BE-1F1A148C14B7} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5_user => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-5.exe <==== ATTENTION
Task: {7FC53462-DE3F-4E3A-88D1-C2F694DBE119} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-11 => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-11.exe <==== ATTENTION
Task: {8D3BE22C-8AA1-49EC-A761-C67CAF87C9C2} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-2 => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-2.exe <==== ATTENTION
Task: {91D8DBBD-48C5-4505-B26A-893B02B0F283} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {C5C4AD86-26D0-411A-A185-076C77DD6270} - \KSGF No Task File <==== ATTENTION
Task: {C7FBA46A-B418-4ECD-8D01-D179BE538901} - System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-1 => C:\Program Files (x86)\HQuality-v3V01.11\HQuality-v3V01.11-codedownloader.exe <==== ATTENTION
Task: {FF589A2B-FE8E-47BD-B49C-E1F1E41E0A0F} - \ITPCD No Task File <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-1.job => C:\Program Files (x86)\HQuality-v3V01.11\HQuality-v3V01.11-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-11.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-2.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-3.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-4.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5_user.job => C:\Program Files (x86)\HQuality-v3V01.11\18d26648-a835-4c0c-8919-02f737e58adc-5.exe <==== ATTENTION
ask: C:\Windows\Tasks\ITPCD.job => C:\Users\Grimseethe\AppData\Roaming\ITPCD.exe <==== ATTENTION
Task: C:\Windows\Tasks\KSGF.job => C:\Users\Grimseethe\AppData\Roaming\KSGF.exe <==== ATTENTION
reboot:
end
*****************

C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk => Moved successfully.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe not found.
BackupStack => Service deleted successfully.
"C:\Program Files (x86)\MyPC Backup\BackupStack.exe" => File/Directory not found.
"C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" => File/Directory not found.
"C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk" => File/Directory not found.
globalUpdate => Service deleted successfully.
globalUpdatem => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2FBEA1B9-85B9-4CF0-9A40-A715216E253F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FBEA1B9-85B9-4CF0-9A40-A715216E253F}" => Key deleted successfully.
C:\Windows\System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-4 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\18d26648-a835-4c0c-8919-02f737e58adc-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D71233D-5576-4676-A14F-8C96F7244824}" => Key not found.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{54B0E7D9-A555-4901-B871-A4F896CDAC1D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54B0E7D9-A555-4901-B871-A4F896CDAC1D}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B28B9DF-A647-4F99-B397-6A5047E7942D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B28B9DF-A647-4F99-B397-6A5047E7942D}" => Key deleted successfully.
C:\Windows\System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\18d26648-a835-4c0c-8919-02f737e58adc-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B294780-9D2D-408F-822B-C33A5D8A9F7A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B294780-9D2D-408F-822B-C33A5D8A9F7A}" => Key deleted successfully.
C:\Windows\System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\18d26648-a835-4c0c-8919-02f737e58adc-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{64FF85B6-28A6-4AEF-83BE-1F1A148C14B7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64FF85B6-28A6-4AEF-83BE-1F1A148C14B7}" => Key deleted successfully.
C:\Windows\System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5_user => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\18d26648-a835-4c0c-8919-02f737e58adc-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7FC53462-DE3F-4E3A-88D1-C2F694DBE119}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FC53462-DE3F-4E3A-88D1-C2F694DBE119}" => Key deleted successfully.
C:\Windows\System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-11 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\18d26648-a835-4c0c-8919-02f737e58adc-11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8D3BE22C-8AA1-49EC-A761-C67CAF87C9C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D3BE22C-8AA1-49EC-A761-C67CAF87C9C2}" => Key deleted successfully.
C:\Windows\System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\18d26648-a835-4c0c-8919-02f737e58adc-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91D8DBBD-48C5-4505-B26A-893B02B0F283}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91D8DBBD-48C5-4505-B26A-893B02B0F283}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C5C4AD86-26D0-411A-A185-076C77DD6270}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5C4AD86-26D0-411A-A185-076C77DD6270}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KSGF" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C7FBA46A-B418-4ECD-8D01-D179BE538901}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7FBA46A-B418-4ECD-8D01-D179BE538901}" => Key deleted successfully.
C:\Windows\System32\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\18d26648-a835-4c0c-8919-02f737e58adc-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FF589A2B-FE8E-47BD-B49C-E1F1E41E0A0F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF589A2B-FE8E-47BD-B49C-E1F1E41E0A0F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ITPCD" => Key deleted successfully.
C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-1.job => Moved successfully.
C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-11.job => Moved successfully.
C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-2.job => Moved successfully.
C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-3.job => Moved successfully.
C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-4.job => Moved successfully.
C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5.job => Moved successfully.
C:\Windows\Tasks\18d26648-a835-4c0c-8919-02f737e58adc-5_user.job => Moved successfully.
ask: C:\Windows\Tasks\ITPCD.job => C:\Users\Grimseethe\AppData\Roaming\ITPCD.exe <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Windows\Tasks\KSGF.job => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====

 

System look log

 

SystemLook 30.07.11 by jpshortstuff
Log created at 11:26 on 05/11/2014 by Grimseethe
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== regfind ==========

Searching for "MyPC Backup"
[HKEY_CURRENT_USER\Software\Microsoft\.NETFramework\SQM\Apps\MyPC Backup.exe]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe.FriendlyAppName"="MyPC Backup"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe.ApplicationCompany"="MyPCBackup.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MyPC Backup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MyPC Backup]
@="C:\Program Files (x86)\MyPC Backup\BackupStack.exe"
[HKEY_USERS\S-1-5-21-1529992669-352850834-4173221306-1001\Software\Microsoft\.NETFramework\SQM\Apps\MyPC Backup.exe]
[HKEY_USERS\S-1-5-21-1529992669-352850834-4173221306-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe.FriendlyAppName"="MyPC Backup"
[HKEY_USERS\S-1-5-21-1529992669-352850834-4173221306-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe.ApplicationCompany"="MyPCBackup.com"
[HKEY_USERS\S-1-5-21-1529992669-352850834-4173221306-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe.FriendlyAppName"="MyPC Backup"
[HKEY_USERS\S-1-5-21-1529992669-352850834-4173221306-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe.ApplicationCompany"="MyPCBackup.com"

-= EOF =-


  • 0
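A way to triage a Fixlog like the one posted above, as an added example that is not part of the original thread or of FRST itself: it sorts each result line by outcome and pulls out the entries the tool did not act on, such as the `ask:` line for ITPCD.job that came back with "No automatic fix found". The function names are assumptions made for this example, and the sample lines are excerpted from the Fixlog in this post.

```python
import re
from collections import Counter

# Result lines excerpted from the Fixlog posted above (not the full log).
SAMPLE_FIXLOG = r'''
C:\Users\Grimseethe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk => Moved successfully.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe not found.
BackupStack => Service deleted successfully.
"C:\Program Files (x86)\MyPC Backup\BackupStack.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D71233D-5576-4676-A14F-8C96F7244824}" => Key not found.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
ask: C:\Windows\Tasks\ITPCD.job => C:\Users\Grimseethe\AppData\Roaming\ITPCD.exe <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Windows\Tasks\KSGF.job => Moved successfully.
'''

# Outcome patterns, limited to the result phrases that appear in this Fixlog.
# Order matters: an error line is reported as an error before anything else.
OUTCOMES = [
    ("error", re.compile(r"=> Error: .+$")),
    ("removed", re.compile(r"=> (?:Moved|Key deleted|Service deleted) successfully\.$")),
    ("absent", re.compile(r"(?:=> (?:File/Directory|Key) )?not found\.$")),
]


def parse_fixlog(text):
    """Return (outcome, target, raw_line) for every non-empty result line."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        outcome = next((name for name, rx in OUTCOMES if rx.search(line)), "unknown")
        # The target is whatever precedes the first " => " (or a bare " not found.").
        target = re.split(r" => | not found\.$", line, maxsplit=1)[0].strip('"')
        rows.append((outcome, target, line))
    return rows


def summarize(rows):
    """Count result lines per outcome."""
    return Counter(outcome for outcome, _, _ in rows)


def needs_follow_up(rows):
    """Entries the tool did not act on; these still need a corrected fix."""
    return [(target, line) for outcome, target, line in rows
            if outcome in ("error", "unknown")]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for outcome, count in sorted(summarize(parsed).items()):
        print(f"{outcome:8} {count}")
    for target, _ in needs_follow_up(parsed):
        print("FOLLOW UP:", target)
```

Entries classed as "absent" were already gone when the fix ran, so only the "error" and "unknown" rows call for another pass.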





