
Feels like i have 8 Browsers running, Super slow now. [Solved]

Sluggish pc possible virus possibly malware

  • This topic is locked

#1
Joe-King

  • Member
  • 112 posts

Well, I was running just fine a few days ago. I was having problems connecting to a specific website, so I came here and asked for help. Not blaming him, so there is no need for names. But he was trying to figure out why I could not gain access to the website mentioned. I tried to see if I could use Internet Explorer as a test. I have had problems with IE in the past, so I deleted it off of my computer. So I tried and tried to download IE just for the test. Was going to delete it as soon as I got done. Well, I never got my computer to fully download Internet Explorer. I tried from all different sites to see if I could get it any way possible. But not a day or so after, my computer is entirely lagged out, or feels like I have picked up a virus of some sort. I'm willing to do whatever it takes; I just need my computer back to normal. A few weeks ago I made a disc for setting my PC back in time. But I'm not 100% clear on how to do that or where to start.




#2
ruggie_uk

  • Trusted Helper
  • Malware Removal
  • 2,083 posts

Greetings Joe-King and welcome!

My nickname is Ruggie and I will be assisting you in cleaning your computer.

I have been reading your other thread today and was going to offer some insight, which is how I picked up on this one so I know where we are at. :D

Please be aware I am currently in the final stages of training right now and all my work will be checked by an instructor so there may be a slight delay between posts. The added benefit to this is that you will have 2 sets of eyes looking at your problem so you can be assured you will get the best possible help.

  • Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely, it may seem difficult at times but it is important that you stay with me until your computer is declared clean.
  • If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

  • Please be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.
  • If at all possible, make backups of all your important files. Whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.
  • I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.
  • Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.
  • Please stick with me until the end. Malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.
  • Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.
  • If you have any questions or get stuck, stop and ask. I am here to help you make this go as smoothly as possible.
  • If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now let's get to work.

Initial FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered, if you know which version is the one you need, download that one, if not, download both, only one will work on your computer, that is the one you need.

  • Right click the FRST icon to run as administrator. >> Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to the disclaimer.
  • Ensure that the following are ticked:
      • Drivers MD5
      • Addition.txt

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • This will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Items I need to see in your next post:

  • FRST and Addition Log

#3
Joe-King

  • Topic Starter
  • Member
  • 112 posts

Hi Ruggie, thanks for the response. Sorry for the late reply. Have been fixing some Facebook problems people in my group are having. Nonetheless, I will download Farbar Recovery Scan Tool right now and post logs as soon as they are done.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by GhettoWatta (administrator) on WILLIAMS on 04-11-2014 21:19:59
Running from C:\Users\GhettoWatta\Music
Loaded Profile: GhettoWatta (Available profiles: admin & GhettoWatta)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2481016137-1897162791-1153571023-1006\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2481016137-1897162791-1153571023-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-2481016137-1897162791-1153571023-1006\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2481016137-1897162791-1153571023-1006\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk /r \??\J:autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-2481016137-1897162791-1153571023-1006\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2481016137-1897162791-1153571023-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
DPF: HKLM-x32 {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcp...opAntiVirus.dll
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13
Tcpip\..\Interfaces\{DF138B97-11FC-46B9-8628-7F0FB95FC7E0}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\GhettoWatta\AppData\Roaming\Mozilla\Firefox\Profiles\hxbck646.default
FF Homepage: https://www.google.com/?gws_rd=ssl
FF NetworkProxy: "http", "118.70.125.6"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.3.1.18\ma\bin\npMotive.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\GhettoWatta\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\GhettoWatta\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npganymedenet.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmidas.dll (Midasplayer Ltd)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Abduction! - C:\Users\GhettoWatta\AppData\Roaming\Mozilla\Firefox\Profiles\hxbck646.default\Extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}.xpi [2014-11-04]
FF Extension: Adblock Plus - C:\Users\GhettoWatta\AppData\Roaming\Mozilla\Firefox\Profiles\hxbck646.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-08]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-04-26]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome:
=======
CHR Profile: C:\Users\GhettoWatta\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\GhettoWatta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-09]
CHR Extension: (Google Wallet) - C:\Users\GhettoWatta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 FastUserSwitchingCompatibility; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 FastUserSwitchingCompatibility; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 mksvirmonsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 mksvirmonsvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-16] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-09-19] () [File not signed]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-09-26] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-06] (Anchorfree Inc.)
U3 alg74jha; C:\Windows\System32\Drivers\alg74jha.sys [0 ] (Microsoft Corporation)
S3 7ByteIo; \??\C:\Program Files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [X]
S3 cpuz134; \??\C:\Users\Smith\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
R1 MpKsl197ab63e; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{42D84ACF-66EF-42ED-B4AE-9DB96B151BAA}\MpKsl197ab63e.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S4 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S4 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S4 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X]
S4 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: mksvirmonsvc -> No ServiceDLL Path.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 21:18 - 2014-11-04 21:18 - 00000777 _____ () C:\Users\GhettoWatta\Desktop\Farbar Recovery Scan Tool.lnk
2014-11-04 21:17 - 2014-11-04 21:20 - 00000000 ____D () C:\FRST
2014-11-04 12:13 - 2014-11-04 12:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-03 20:58 - 2014-11-03 20:58 - 00000000 ____D () C:\Users\GhettoWatta\AppData\Local\Apps\2.0
2014-11-02 00:00 - 2014-11-02 09:35 - 00000168 _____ () C:\Windows\setupact.log
2014-11-02 00:00 - 2014-11-02 00:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-31 22:11 - 2014-10-31 22:11 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-10-31 22:10 - 2014-10-31 23:16 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-10-31 20:46 - 2014-10-31 20:46 - 00001828 _____ () C:\sc-cleaner.txt
2014-10-31 20:04 - 2014-10-31 20:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-31 19:29 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-31 16:14 - 2014-10-31 16:14 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-31 16:14 - 2014-10-31 16:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-31 16:14 - 2014-10-31 16:14 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-31 16:14 - 2014-10-31 16:14 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-31 16:14 - 2014-10-31 16:14 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-31 16:14 - 2014-10-31 16:14 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-10-31 16:14 - 2014-10-31 16:14 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-10-31 16:14 - 2014-10-31 16:14 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-31 16:14 - 2014-10-31 16:14 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-10-31 16:14 - 2014-10-31 16:14 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-10-31 16:14 - 2014-10-31 16:14 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-10-31 16:14 - 2014-10-31 16:14 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-10-31 16:14 - 2014-10-31 16:14 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-10-31 16:14 - 2014-10-31 16:14 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-31 16:14 - 2014-10-31 16:14 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-31 16:14 - 2014-10-31 16:14 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-31 16:14 - 2014-10-31 16:14 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-10-31 16:14 - 2014-10-31 16:14 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-10-31 16:14 - 2014-10-31 16:14 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-10-31 16:14 - 2014-10-31 16:14 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-10-31 16:14 - 2014-10-31 16:14 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-10-31 16:14 - 2014-10-31 16:14 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-31 16:14 - 2014-10-31 16:14 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-31 16:14 - 2014-10-31 16:14 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-31 16:14 - 2014-10-31 16:14 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-31 16:14 - 2014-10-31 16:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-31 14:34 - 2014-10-31 14:34 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-31 14:34 - 2014-10-31 14:34 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-31 14:34 - 2014-10-31 14:34 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-10-31 14:34 - 2014-10-31 14:34 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-10-31 14:34 - 2014-10-31 14:34 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-10-31 14:34 - 2014-10-31 14:34 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-10-25 22:55 - 2014-10-25 22:55 - 00000378 _____ () C:\Users\GhettoWatta\Desktop\Removable Disk (J) - Shortcut.lnk
2014-10-25 22:43 - 2014-09-04 13:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-10-25 22:43 - 2014-09-04 13:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-10-21 13:15 - 2014-10-21 13:12 - 00449906 ____R () C:\Windows\system32\Drivers\etc\hosts.20141021-141510.backup
2014-10-21 12:58 - 2014-10-21 12:58 - 00003522 _____ () C:\Users\GhettoWatta\Documents\cc_20141021_135824.reg
2014-10-19 21:26 - 2014-10-19 21:26 - 00004418 _____ () C:\Users\GhettoWatta\Documents\cc_20141019_222640.reg
2014-10-19 20:28 - 2014-10-19 20:28 - 00022764 _____ () C:\Users\admin\Downloads\cc_20141019_212814.reg
2014-10-19 20:22 - 2014-10-19 20:22 - 00000000 ____D () C:\Users\admin\AppData\Roaming\WinRAR
2014-10-19 16:39 - 2014-10-19 21:23 - 00000000 ____D () C:\Users\GhettoWatta\AppData\Roaming\uTorrent
2014-10-19 16:25 - 2014-10-19 16:25 - 00000000 ____D () C:\Users\GhettoWatta\AppData\Roaming\WinRAR
2014-10-19 16:25 - 2014-10-19 16:25 - 00000000 ____D () C:\Users\GhettoWatta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-19 16:24 - 2014-10-19 21:25 - 00003492 _____ () C:\Windows\System32\Tasks\AI_Updater
2014-10-19 16:23 - 2014-10-19 20:43 - 00000000 ____D () C:\Program Files (x86)\Portable Booster
2014-10-19 01:43 - 2014-10-19 21:25 - 00003216 _____ () C:\Windows\System32\Tasks\IHUninstallTrackingTASK
2014-10-19 01:43 - 2014-10-19 21:25 - 00003216 _____ () C:\Windows\System32\Tasks\IHSelfDeleteTASK
2014-10-19 01:43 - 2014-10-19 01:43 - 00000000 ____D () C:\ProgramData\Motive
2014-10-18 23:38 - 2014-10-18 23:38 - 00000000 ____D () C:\Users\GhettoWatta\AppData\Roaming\FileZilla Server
2014-10-18 20:58 - 2014-10-18 20:58 - 00000044 _____ () C:\Users\GhettoWatta\AppData\Roaming\WB.CFG
2014-10-14 23:14 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 23:14 - 2014-07-06 20:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 23:14 - 2014-07-06 20:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 23:14 - 2014-07-06 19:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 23:14 - 2014-07-06 19:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 23:14 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 23:14 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 23:14 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 23:14 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 23:14 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 23:14 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 23:13 - 2014-08-18 21:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 23:13 - 2014-08-18 21:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 23:13 - 2014-08-18 21:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 23:13 - 2014-08-18 21:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 23:13 - 2014-08-18 21:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-14 23:13 - 2014-08-18 21:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-14 23:13 - 2014-08-18 21:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 23:13 - 2014-08-18 21:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 23:13 - 2014-08-18 21:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 23:13 - 2014-08-18 21:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 23:13 - 2014-08-18 20:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 23:13 - 2014-08-18 20:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-14 23:13 - 2014-08-18 20:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 23:13 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 23:13 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-14 23:13 - 2014-07-16 20:07 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-14 23:13 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 23:13 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 23:13 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-14 23:13 - 2014-07-06 20:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 23:13 - 2014-07-06 20:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 23:13 - 2014-07-06 20:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 23:13 - 2014-07-06 20:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 23:13 - 2014-07-06 20:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 23:13 - 2014-07-06 20:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 23:13 - 2014-07-06 20:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 23:13 - 2014-07-06 20:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 23:13 - 2014-07-06 20:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 23:13 - 2014-07-06 20:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 23:13 - 2014-07-06 20:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 23:13 - 2014-07-06 20:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 23:13 - 2014-07-06 20:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 23:13 - 2014-07-06 20:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 23:13 - 2014-07-06 20:06 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-14 23:13 - 2014-07-06 20:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 23:13 - 2014-07-06 20:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 23:13 - 2014-07-06 20:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 23:13 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 23:13 - 2014-07-06 20:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 23:13 - 2014-07-06 20:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 23:13 - 2014-07-06 20:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 23:13 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 23:13 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 23:13 - 2014-07-06 20:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 23:13 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 23:13 - 2014-07-06 19:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 23:13 - 2014-07-06 19:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 23:13 - 2014-07-06 19:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 23:13 - 2014-07-06 19:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 23:13 - 2014-07-06 19:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 23:13 - 2014-07-06 19:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 23:13 - 2014-07-06 19:40 - 00516096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-14 23:13 - 2014-07-06 19:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 23:13 - 2014-07-06 19:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 23:13 - 2014-07-06 19:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 23:13 - 2014-07-06 19:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 23:13 - 2014-07-06 19:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 23:13 - 2014-07-06 19:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 23:13 - 2014-07-06 19:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 23:13 - 2014-07-06 19:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 23:13 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 23:13 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 23:13 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 23:13 - 2014-07-06 19:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 23:13 - 2014-07-06 19:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 23:13 - 2014-07-06 19:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 23:13 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 23:13 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 23:13 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 23:13 - 2014-06-27 18:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 23:13 - 2014-06-27 18:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 23:13 - 2014-06-27 18:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 23:12 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 23:12 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 23:12 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 23:12 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 23:12 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 23:12 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 23:12 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 23:12 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 23:12 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 23:12 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 23:12 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-14 23:12 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 23:12 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 23:12 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 23:12 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 23:12 - 2014-05-30 02:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-14 23:12 - 2014-05-30 02:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-14 23:12 - 2014-05-30 02:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-14 23:12 - 2014-05-30 02:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-14 23:12 - 2014-05-30 01:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-14 23:12 - 2014-05-30 01:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-14 23:12 - 2014-05-30 01:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-10-14 23:12 - 2014-05-30 01:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 20:15 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\tracing
2014-11-04 19:58 - 2014-06-02 07:28 - 01299000 _____ () C:\Windows\WindowsUpdate.log
2014-11-04 12:13 - 2013-08-31 21:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-03 21:06 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-02 09:42 - 2009-07-13 22:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 09:42 - 2009-07-13 22:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 09:41 - 2009-07-13 23:13 - 00784050 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 09:35 - 2011-03-08 16:32 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-11-02 09:34 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-01 20:08 - 2010-07-07 19:10 - 00000000 ____D () C:\Windows\Panther
2014-11-01 03:29 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-11-01 02:38 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-31 23:18 - 2012-08-23 14:22 - 00002784 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-31 23:15 - 2014-06-14 10:34 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-31 23:15 - 2012-08-23 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-31 23:15 - 2012-08-23 14:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-31 23:09 - 2013-06-25 20:53 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-31 23:09 - 2013-06-25 20:53 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-31 23:02 - 2014-05-22 13:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-31 22:46 - 2014-06-13 17:56 - 00000000 ____D () C:\Windows\erdnt
2014-10-31 20:40 - 2014-07-09 00:12 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2481016137-1897162791-1153571023-1006UA.job
2014-10-31 20:40 - 2014-07-09 00:12 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2481016137-1897162791-1153571023-1006Core.job
2014-10-31 20:30 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-31 19:24 - 2014-07-09 00:12 - 00003926 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2481016137-1897162791-1153571023-1006UA
2014-10-31 19:24 - 2014-07-09 00:12 - 00003530 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2481016137-1897162791-1153571023-1006Core
2014-10-31 15:30 - 2014-07-09 00:20 - 00002402 _____ () C:\Users\GhettoWatta\Desktop\Google Chrome.lnk
2014-10-30 21:28 - 2014-08-16 18:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-30 21:19 - 2014-08-09 12:58 - 00088320 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-30 19:01 - 2014-07-08 15:31 - 00000000 ____D () C:\Users\admin\AppData\Local\Adobe
2014-10-30 18:57 - 2014-08-16 18:48 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-30 18:57 - 2013-10-09 00:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-30 18:57 - 2013-10-09 00:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-30 05:25 - 2010-07-07 16:47 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-25 22:42 - 2014-07-07 21:08 - 00000000 ____D () C:\Users\admin\AppData\Local\NVIDIA
2014-10-25 22:32 - 2014-07-08 22:27 - 00088320 _____ () C:\Users\GhettoWatta\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-25 22:24 - 2014-02-14 21:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-25 21:17 - 2014-07-08 22:24 - 00000000 ____D () C:\Users\GhettoWatta
2014-10-25 20:40 - 2014-08-11 12:16 - 04816104 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-22 17:13 - 2014-07-08 22:24 - 00000000 ____D () C:\Users\GhettoWatta\AppData\Local\Microsoft Help
2014-10-20 13:48 - 2014-07-07 21:08 - 00000000 ____D () C:\Users\admin
2014-10-19 01:43 - 2014-02-28 20:45 - 00000000 ____D () C:\Program Files (x86)\ATT
2014-10-19 01:42 - 2014-07-28 09:53 - 00000000 ____D () C:\Program Files\OBS
2014-10-19 01:42 - 2014-07-28 09:53 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-10-15 03:39 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 03:39 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 03:18 - 2010-09-19 13:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 02:16 - 2013-08-06 08:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 02:16 - 2012-04-20 22:23 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-10-15 02:11 - 2010-07-07 17:28 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-30 22:02

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by GhettoWatta at 2014-11-04 21:21:26
Running from C:\Users\GhettoWatta\Music
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{E52432C6-87E3-4F21-8F6A-AF43224220D1}) (Version: 12.1.2.152 - Adobe Systems, Inc)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
DriverUpdate (HKLM-x32\...\{850A14FC-F410-47F7-94E4-38F4D3F270D4}) (Version: 2.2.30452 - SlimWare Utilities, Inc.)
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2481016137-1897162791-1153571023-1006_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\GhettoWatta\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2481016137-1897162791-1153571023-1006_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\GhettoWatta\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-06-13 18:26 - 2014-10-21 13:15 - 00449906 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03B234D7-025F-44D3-91F6-DA5B0E922935} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-30] (Adobe Systems Incorporated)
Task: {0B63010A-24A1-4650-AD91-B2FC9C4885D2} - System32\Tasks\ReclaimerUpdateXML_Smith => C:\Users\Smith\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: {15C18A4F-CA44-42F2-923B-8C24942B154F} - System32\Tasks\IHSelfDeleteTASK => CMD
Task: {172BF0CA-E0BB-44C3-A09C-219F6545DFAC} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-2481016137-1897162791-1153571023-1001 No Task File <==== ATTENTION
Task: {187DF37D-4611-472B-8015-361E0ACFD9CE} - System32\Tasks\AdobeAAMUpdater-1.0-Smith-PC-Smith => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {29F93FCF-DA9C-49A3-AB24-36CAED558872} - System32\Tasks\Test TimeTrigger => C:\Users\Smith\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {2B647687-E336-4CA4-A9A4-302EA314F6D3} - System32\Tasks\RNUpgradeHelperLogonPrompt_Smith => C:\Users\Smith\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: {2F0CB9FA-5212-4352-8C6E-647E767537F4} - \RealUpgradeLogonTaskS-1-5-21-2481016137-1897162791-1153571023-1001 No Task File <==== ATTENTION
Task: {3334A0A8-9735-4D37-BD7C-F5BF3533571B} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {336D39BF-9069-497B-905C-D69550681C28} - System32\Tasks\4698 => Wscript.exe C:\Users\Smith\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {33F19D59-4BAF-41E8-ADE7-059DFA7CFF71} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {490EF0F9-5789-433E-87AE-2EA7AD51AA62} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {800C3213-C804-4749-93B4-58DACF09B6DC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {800F302F-EB0E-4C75-A398-29142BC8D1E3} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {83CC0CCD-ED2B-4841-9157-23F008A89BE2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2481016137-1897162791-1153571023-1006UA => C:\Users\GhettoWatta\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-09] (Google Inc.)
Task: {93079D5E-FB4D-4504-9D08-26EBC47F89C8} - System32\Tasks\{BB445DD6-9CC7-45AE-8740-45910D59453B} => Firefox.exe
Task: {A86CDF40-4AF6-4ED8-B58D-AA976434883B} - \RealUpgradeScheduledTaskS-1-5-21-2481016137-1897162791-1153571023-1001 No Task File <==== ATTENTION
Task: {A8812D82-DCCD-4FD7-B394-E98B482684AB} - System32\Tasks\ReclaimerUpdateFiles_Smith => C:\Users\Smith\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: {B59BEE71-7304-4DC2-8C6D-E24E465ECD8D} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Portable Booster\\updater.exe
Task: {CBB29007-E4CA-4492-8AE1-19BC6EF4CF26} - \Patch My PC No Task File <==== ATTENTION
Task: {D9D430DB-75F4-4E91-B702-3ACAF5864926} - \avast! Emergency Update No Task File <==== ATTENTION
Task: {E58A70CA-5410-450E-8B97-B99313C5073B} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-2481016137-1897162791-1153571023-1001 No Task File <==== ATTENTION
Task: {F204E84D-9341-461D-8E99-4E1AE15DAA3A} - System32\Tasks\{0D23A923-2DDD-4CEC-AA96-F314CE468B5F} => Firefox.exe
Task: {F826181C-BF37-4837-9F5F-00D7FAE3A681} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2481016137-1897162791-1153571023-1006Core => C:\Users\GhettoWatta\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-09] (Google Inc.)
Task: {F93147D7-C7E6-4259-96EA-F85C47734A49} - System32\Tasks\RNUpgradeHelperResumePrompt_Smith => C:\Users\Smith\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2481016137-1897162791-1153571023-1006Core.job => C:\Users\GhettoWatta\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2481016137-1897162791-1153571023-1006UA.job => C:\Users\GhettoWatta\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-04-12 17:13 - 2011-10-04 21:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
2014-11-04 12:13 - 2014-11-04 12:13 - 03757680 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Avira.OE.ServiceHost => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: WebCake Desktop Updater => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WSearch => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ATT_McciTrayApp => "C:\Program Files\ATT\8.3.1.18\ma\bin\pcTrayApp.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Google Update => "C:\Users\GhettoWatta\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Smith\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe

========================= Accounts: ==========================

admin (S-1-5-21-2481016137-1897162791-1153571023-1004 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2481016137-1897162791-1153571023-500 - Administrator - Disabled)
GhettoWatta (S-1-5-21-2481016137-1897162791-1153571023-1006 - Administrator - Enabled) => C:\Users\GhettoWatta
Guest (S-1-5-21-2481016137-1897162791-1153571023-501 - Administrator - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/04/2014 10:08:19 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{4aaf9442-8a25-11df-8c13-806e6f6e6963} - 0000000000000130,0x0053c008,000000000030FFD0,0,000000000046DB90,4096,[0]).  hr = 0x80070079, The semaphore timeout period has expired.
.


Operation:
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (11/04/2014 09:57:46 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (11/04/2014 00:51:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "AceDAO,language="&#x2a;",processorArchitecture="X86",type="win32",version="12.0.0.0"1".
Dependent Assembly AceDAO,language="&#x2a;",processorArchitecture="X86",type="win32",version="12.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/04/2014 00:20:15 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{4aaf9442-8a25-11df-8c13-806e6f6e6963} - 0000000000000130,0x0053c008,00000000003AFFD0,0,000000000039D9D0,4096,[0]).  hr = 0x80070079, The semaphore timeout period has expired.
.


Operation:
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (11/04/2014 00:10:01 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x81000101).

Error: (11/04/2014 00:10:01 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (11/03/2014 10:07:31 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{4aaf9442-8a25-11df-8c13-806e6f6e6963} - 0000000000000130,0x0053c008,000000000036FFD0,0,000000000008D8B0,4096,[0]).  hr = 0x80070079, The semaphore timeout period has expired.
.


Operation:
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (11/03/2014 09:57:16 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (11/03/2014 00:30:38 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "AceDAO,language="&#x2a;",processorArchitecture="X86",type="win32",version="12.0.0.0"1".
Dependent Assembly AceDAO,language="&#x2a;",processorArchitecture="X86",type="win32",version="12.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/03/2014 00:20:14 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{4aaf9442-8a25-11df-8c13-806e6f6e6963} - 0000000000000130,0x0053c008,00000000003DFFD0,0,000000000025D9D0,4096,[0]).  hr = 0x80070079, The semaphore timeout period has expired.
.


Operation:
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider


System errors:
=============
Error: (11/04/2014 06:06:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (11/04/2014 10:08:18 AM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (11/04/2014 00:20:15 AM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (11/03/2014 10:07:31 AM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (11/03/2014 00:20:14 AM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (11/02/2014 10:46:04 AM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (11/02/2014 09:35:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058

Error: (11/02/2014 09:35:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Pml Driver HPZ12 service terminated with the following error:
%%2

Error: (11/02/2014 09:35:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Net Driver HPZ12 service terminated with the following error:
%%2

Error: (11/02/2014 09:35:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueSoleilCS service terminated with the following error:
%%2


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-08 00:57:52.991
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-08 00:57:52.882
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-08 00:57:52.772
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-08 00:57:52.663
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-13 19:24:13.949
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-13 19:24:13.746
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon™ Processor LE-1640
Percentage of memory in use: 55%
Total physical RAM: 1918.49 MB
Available physical RAM: 852.84 MB
Total Pagefile: 2942.49 MB
Available Pagefile: 1558.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:139.05 GB) (Free:107.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 66F2E07A)
Partition 1: (Active) - (Size=139 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by Joe-King, 04 November 2014 - 09:22 PM.


#4
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi Joe and thanks for the logs.

Couple of questions before I continue.

Is this machine related to an educational establishment? I ask because there is evidence of this and some proxy servers set. This could be an issue to deal with or it could be part of an institution's network. I don't want to remove something that needs to be there.

Also there appear to be remnants of Spybot and PCPitstop antivirus that don't appear to be installed anymore. Have they been uninstalled previously?



#5
Joe-King

    Member

  • Topic Starter
  • Member
  • 112 posts

Hello Ruggie

No, this is a personal desktop computer at my house. The proxy server stuff is from a while back when I was using different proxies to gain access to other countries for making different flags (King.com). There was a battle going on to see who could have the most country flags... Lol, sounds lame, I know. :)

Yes, I had Spybot Search & Destroy but I deleted it a while back. Also the (PCPitstop/Make your computer awesome) leeches are just here because of downloading other programs, and those were just some of the stuff that got added along with it. The majority of those programs/apps are deleted but I'm sure still have traces left over in my PC.


Edited by Joe-King, 05 November 2014 - 11:14 AM.


#6
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

No problem. Thanks for the info.



#7
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi Joe, sorry for the delay. Let's start to get you sorted.


Step 1

FRST Fix

If FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached fixlist.txt and save it to your desktop <<< very important - it must be in the same location as FRST64.exe
  • Right click FRST64.exe and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Please reboot the system.

Step 2

Msconfig

  • Log on to the computer by using an account that has administrator rights.
  • Click Start, type msconfig.exe in the Start Search box, and then press Enter to start the System Configuration utility.
  • Note If you are prompted for an administrator password or for confirmation, you should type the password or provide confirmation.
  • On the Startup tab, ensure there is a check box next to the following item(s) to enable it/them
    • MSC
  • Click OK, and then click Restart.

Step 3

We need to uninstall some programs.

Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.

Select the following programs from the list below, one at a time and click Uninstall.

  • DriverUpdate
  • TuneUp Utilities 2014

I see that you have CCleaner installed and have used it to clean your Registry. CCleaner is a good program but we recommend that you not use the Registry cleaning module. We don't recommend any Registry cleaners/optimizers. One of the ways they work is to list Registry entries that haven't been used within a certain time frame. So if they flag a Registry entry for a needed file that just hasn't been used in a long time they can cause damage to your system. Even to the point of rendering it unbootable.

Unless you are absolutely sure that you know exactly what they are removing, don't use them.

Step 4
Supplemental FRST Scan
Please run FRST64 again from your Desktop. If you do not currently have it on your system, download it from here and save it to your desktop.

  • Right click FRST64.exe to run as administrator. When the tool opens click Yes to the disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.

 

Items I need to see in your next post:

  • FRST fixlog
  • Did the uninstalls for DriverUpdate and TuneUp Utilities 2014 go ok?
  • Fresh FRST Log


#8
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

And here is the fixlist I didn't attach - oops. Attached file: fixlist.txt (3.86KB)



#9
Joe-King

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts

OK, that fixlog is done and the results page is as follows. Now I will continue with the other instructions.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by GhettoWatta at 2014-11-07 13:06:01 Run:1
Running from C:\Users\GhettoWatta\Desktop
Loaded Profile: GhettoWatta (Available profiles: admin & GhettoWatta)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk /r \??\J:autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-2481016137-1897162791-1153571023-1006\User: Group Policy restriction detected <======= ATTENTION
ProxyServer: localhost:8080
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2481016137-1897162791-1153571023-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
FF NetworkProxy: "http", "118.70.125.6"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 4
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npganymedenet.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmidas.dll (Midasplayer Ltd)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-09-26] ()
U3 alg74jha; C:\Windows\System32\Drivers\alg74jha.sys [0 ] (Microsoft Corporation)
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X]
NETSVC: mksvirmonsvc -> No ServiceDLL Path.
Task: {172BF0CA-E0BB-44C3-A09C-219F6545DFAC} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-2481016137-1897162791-1153571023-1001 No Task File <==== ATTENTION
Task: {29F93FCF-DA9C-49A3-AB24-36CAED558872} - System32\Tasks\Test TimeTrigger => C:\Users\Smith\AppData\Local\Temp\Runner.exe <==== ATTENTION
C:\Users\Smith\AppData\Local\Temp\Runner.exe
Task: {2F0CB9FA-5212-4352-8C6E-647E767537F4} - \RealUpgradeLogonTaskS-1-5-21-2481016137-1897162791-1153571023-1001 No Task File <==== ATTENTION
Task: {336D39BF-9069-497B-905C-D69550681C28} - System32\Tasks\4698 => Wscript.exe C:\Users\Smith\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
C:\Users\Smith\AppData\Local\Temp\launchie.vbs
Task: {490EF0F9-5789-433E-87AE-2EA7AD51AA62} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {A86CDF40-4AF6-4ED8-B58D-AA976434883B} - \RealUpgradeScheduledTaskS-1-5-21-2481016137-1897162791-1153571023-1001 No Task File <==== ATTENTION
Task: {B59BEE71-7304-4DC2-8C6D-E24E465ECD8D} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Portable Booster\\updater.exe
Task: {CBB29007-E4CA-4492-8AE1-19BC6EF4CF26} - \Patch My PC No Task File <==== ATTENTION
Task: {D9D430DB-75F4-4E91-B702-3ACAF5864926} - \avast! Emergency Update No Task File <==== ATTENTION
C:\Program Files (x86)\Portable Booster
Task: {E58A70CA-5410-450E-8B97-B99313C5073B} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-2481016137-1897162791-1153571023-1001 No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
2014-10-19 16:39 - 2014-10-19 21:23 - 00000000 ____D () C:\Users\GhettoWatta\AppData\Roaming\uTorrent
hosts:
emptytemp:
end
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2481016137-1897162791-1153571023-1006\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2481016137-1897162791-1153571023-1006\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{FFB3A759-98B1-446F-BDA9-909C6EB18CC7}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FFB3A759-98B1-446F-BDA9-909C6EB18CC7}" => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npganymedenet.dll ( ) => Error: No automatic fix found for this entry.
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmidas.dll (Midasplayer Ltd) => Error: No automatic fix found for this entry.
SWDUMon => Service deleted successfully.
alg74jha => Service not found.
TuneUpUtilitiesDrv => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs mksvirmonsvc => Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{172BF0CA-E0BB-44C3-A09C-219F6545DFAC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{172BF0CA-E0BB-44C3-A09C-219F6545DFAC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeLogonTaskS-1-5-21-2481016137-1897162791-1153571023-1001" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29F93FCF-DA9C-49A3-AB24-36CAED558872}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29F93FCF-DA9C-49A3-AB24-36CAED558872}" => Key deleted successfully.
C:\Windows\System32\Tasks\Test TimeTrigger => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger" => Key deleted successfully.
"C:\Users\Smith\AppData\Local\Temp\Runner.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2F0CB9FA-5212-4352-8C6E-647E767537F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F0CB9FA-5212-4352-8C6E-647E767537F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeLogonTaskS-1-5-21-2481016137-1897162791-1153571023-1001" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{336D39BF-9069-497B-905C-D69550681C28}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{336D39BF-9069-497B-905C-D69550681C28}" => Key deleted successfully.
C:\Windows\System32\Tasks\4698 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4698" => Key deleted successfully.
"C:\Users\Smith\AppData\Local\Temp\launchie.vbs" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{490EF0F9-5789-433E-87AE-2EA7AD51AA62}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{490EF0F9-5789-433E-87AE-2EA7AD51AA62}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A86CDF40-4AF6-4ED8-B58D-AA976434883B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A86CDF40-4AF6-4ED8-B58D-AA976434883B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeScheduledTaskS-1-5-21-2481016137-1897162791-1153571023-1001" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B59BEE71-7304-4DC2-8C6D-E24E465ECD8D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B59BEE71-7304-4DC2-8C6D-E24E465ECD8D}" => Key deleted successfully.
C:\Windows\System32\Tasks\AI_Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AI_Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBB29007-E4CA-4492-8AE1-19BC6EF4CF26}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBB29007-E4CA-4492-8AE1-19BC6EF4CF26}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Patch My PC" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D9D430DB-75F4-4E91-B702-3ACAF5864926}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9D430DB-75F4-4E91-B702-3ACAF5864926}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update" => Key deleted successfully.
"C:\Program Files (x86)\Portable Booster" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E58A70CA-5410-450E-8B97-B99313C5073B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E58A70CA-5410-450E-8B97-B99313C5073B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2481016137-1897162791-1153571023-1001" => Key deleted successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":CB0AACC9" ADS removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{14C8CE46-C68C-461B-BCA9-E276A85851C6}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}\\SystemComponent => value deleted successfully.
C:\Users\GhettoWatta\AppData\Roaming\uTorrent => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 257.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====



#10
Joe-King


My Programs and Features does not seem to be working correctly. I click on one of the 2 programs you mentioned and click uninstall, but it only stays on the same page, not removing the program.




#11
ruggie_uk


Is it Tune up utilities?



#12
Joe-King


Yes, I cannot click uninstall on TuneUp Utilities, period. But even the Driver Update, I click uninstall on that one and it stays on the (Preparing to remove) page.



#13
Joe-King


TuneUp Utilities does not even let me click it (as in right-click and Repair or Uninstall).



#14
Joe-King


I finally got the Driver Updates program to delete. But both TuneUp Utilities are still there. Is there another way I can delete those?



#15
Joe-King


OK, I know this is not what you asked me to do, but I hope it is OK. I have opened CCleaner and used the Uninstall tool in it, and it is almost done uninstalling TuneUp Utilities 2014. When it is done I will post my FRST.txt.

