Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

No system restore,some antivirus not working and graphics glitchingg

Started by henrymills , Dec 18 2014 05:12 PM

  • Please log in to reply

#1
henrymills
Posted 18 December 2014 - 05:12 PM

henrymills

    Member

  • Member
  • PipPip
  • 47 posts

Hello,

It all started when I try to install bluetooth driver for my Heaedset called CSR.I installed it and when it doesnt run I tried to unsintall it but got Error 2738 could not access VBScript run time for custom action.So I register the dll,run sfc scannow and uninstalled my antivirus.Then i tied to install bluetooth driver for CSR from this website http://www.komeil.co...dset-windows-7. The day after that I noticed I cant do system restore even if there's a rstore point,then it became worst the next day and the system restore stuck on searching.WIth it comes graphics glitches,sometimes crashing my video card's driver,and I noticed I can run any antivirus.First I run rkill.exe it push through,then I run Avast and Malwarebytes both didnt work.Then i run Tdsskiller and it didnt work too,then Gmer which worked.I tried to run Malwarebytes antrootkit and Malwarebytes Chameleon which should work on infected machine and both didnt work.So i decided to uninstall my video cards driver and installd default windws driver to check if itll help,and it did.Some of the gitches were gone and I can finally run Malwarebytes and combofix.This is the log from otl

 

OTL logfile created on: 12/19/2014 2:22:15 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MyEminence\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.42% Memory free
7.81 Gb Paging File | 6.66 Gb Available in Paging File | 85.26% Paging File free
Paging file location(s): c:\pagefile.sys 2000 2000d:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 169.41 Gb Total Space | 7.99 Gb Free Space | 4.72% Space Free | Partition Type: NTFS
Drive D: | 63.48 Gb Total Space | 9.64 Gb Free Space | 15.19% Space Free | Partition Type: NTFS
 
Computer Name: ME-PC | User Name: MyEminence | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/19 02:15:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MyEminence\Downloads\OTL.exe
PRC - [2014/12/13 22:00:44 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/12/20 02:37:25 | 001,819,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/12/20 02:37:25 | 000,930,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/12/10 10:22:32 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013/12/10 10:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2012/11/12 13:59:15 | 000,657,504 | ---- | M] () -- C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
PRC - [2011/09/19 16:59:40 | 000,192,832 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2011/09/19 16:59:36 | 000,135,488 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
PRC - [2011/06/24 11:49:46 | 000,269,648 | ---- | M] () -- C:\Program Files\SMART BRO\AssistantServices.exe
PRC - [2011/05/27 15:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/04/29 22:44:56 | 000,092,320 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe
PRC - [2011/04/29 22:44:54 | 002,918,576 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2011/04/29 18:31:12 | 000,400,760 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2011/04/19 16:29:42 | 000,152,576 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
PRC - [2011/03/14 23:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2011/03/14 23:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2011/01/12 22:35:52 | 000,069,864 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010/06/08 19:39:18 | 000,393,216 | ---- | M] () -- C:\Program Files\GenArts\Monsters-AE\bin\JawsServerAE.exe
PRC - [2010/06/04 14:09:46 | 000,704,512 | ---- | M] () -- C:\Program Files\GenArts\Monsters-AE\bin\FlowFinder3MonstersAE32.exe
PRC - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
PRC - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2009/04/11 21:19:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 21:19:17 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2007/02/12 12:18:50 | 000,924,160 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/13 22:00:13 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2011/04/29 22:44:56 | 000,084,480 | ---- | M] () -- C:\Windows\System32\EasyHook32.dll
MOD - [2011/04/29 22:44:55 | 000,053,248 | ---- | M] () -- C:\Program Files\DAP\zlib.dll
MOD - [2011/04/19 16:29:42 | 000,132,608 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
MOD - [2010/07/05 05:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe -- (CsrBtService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe -- (CsrBtOBEXService)
SRV - [2014/12/13 13:51:50 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/10 23:05:59 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/12/10 10:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2012/11/12 13:59:15 | 000,657,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Globe Tattoo Broadband\UpdateDog\ouc.exe -- (Globe Tattoo Broadband. RunOuc)
SRV - [2011/09/19 16:59:40 | 000,192,832 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2011/08/15 10:02:12 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/06/24 11:49:46 | 000,269,648 | ---- | M] () [Auto | Running] -- C:\Program Files\SMART BRO\AssistantServices.exe -- (UI Assistant Service)
SRV - [2011/05/27 15:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011/05/02 18:05:28 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/19 16:29:42 | 000,152,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2011/03/14 23:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2011/01/12 22:35:52 | 000,069,864 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/06/08 19:39:18 | 000,393,216 | ---- | M] () [Auto | Running] -- C:\Program Files\GenArts\Monsters-AE\bin\JawsServerAE.exe -- (JawsServerAE)
SRV - [2010/06/04 14:09:46 | 000,704,512 | ---- | M] () [Auto | Running] -- C:\Program Files\GenArts\Monsters-AE\bin\FlowFinder3MonstersAE32.exe -- (FlowFinder3MonstersAE32)
SRV - [2010/06/03 11:13:04 | 001,540,096 | ---- | M] (Reprise Software Inc.) [On_Demand | Stopped] -- C:\Program Files\GenArts\rlm\rlm.exe -- (RLM-GenArts)
SRV - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2008/01/21 10:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/14 00:17:00 | 000,411,136 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Windows\System32\HFGService.dll -- (HFGService)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/12 12:18:50 | 000,924,160 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\taphss6.sys -- (taphss6)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MYEMIN~1\AppData\Local\Temp\GPU-Z.sys -- (GPU-Z)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\csrusb.sys -- (csrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\CsrBtPort.sys -- (CsrBtPort)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Marcus\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BthAudioHF.sys -- (BthAudioHF)
DRV - [2014/12/19 02:18:28 | 000,114,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/12/19 02:17:43 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2014/11/21 06:14:16 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/11/21 06:14:06 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/06/16 14:01:38 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudserd.sys -- (ssudserd)
DRV - [2014/06/16 14:01:38 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2014/06/16 14:01:38 | 000,089,856 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/12/20 04:26:04 | 010,471,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/10/30 12:42:16 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2012/10/29 19:42:46 | 000,070,272 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2012/08/20 08:54:20 | 000,027,520 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2012/08/20 08:54:18 | 000,096,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012/08/20 08:54:18 | 000,076,544 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/04/20 14:14:22 | 000,249,472 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/12/31 09:20:24 | 000,199,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/05/22 22:51:26 | 000,020,216 | ---- | M] (REALiX™) [Kernel | System | Running] -- C:\Program Files\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2011/03/26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbvoice.sys -- (ZTEusbvoice)
DRV - [2011/03/26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011/03/26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011/03/26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2011/03/26 10:37:12 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2011/03/23 10:20:18 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2011/02/16 17:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2011/01/12 22:35:48 | 000,125,672 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011/01/10 18:16:16 | 000,018,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2010/12/22 05:28:30 | 000,048,128 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthav.sys -- (csr_a2dp)
DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/05/11 02:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/02 09:11:16 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/05/09 17:25:18] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010/02/18 02:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/09/15 13:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvoclock.sys -- (nvoclock)
DRV - [2009/06/22 16:49:00 | 000,247,320 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2008/08/06 16:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/02/12 12:17:40 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/02/12 12:17:24 | 000,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/02/12 12:14:52 | 000,010,624 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2007/02/12 12:14:42 | 000,112,384 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/09/24 21:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 A1 53 C5 6A 64 2F 02  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {94E419C3-31B9-40A7-8414-E474140D96EF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{94E419C3-31B9-40A7-8414-E474140D96EF}: "URL" = http://www.google.co...{outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://home.speedbit.../?pid=%s&aid=%s"
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
 
FF - user.js..browser.startup.homepage: "http://home.speedbit.../?pid=%s&aid=%s"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/12/13 22:00:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/14 22:22:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/24 16:58:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox2\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox2\plugins [2013/11/24 16:58:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2011/04/29 22:45:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\MyEminence\AppData\Roaming\IDM\idmmzcc3
 
[2011/03/12 10:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Extensions
[2014/12/13 13:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\2isryo5x.jamocha\extensions
[2014/09/08 16:11:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\2isryo5x.jamocha\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/12/13 13:51:58 | 000,000,000 | ---D | M] ("Flash Video Downloader - YouTube HD Download [4K]") -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\2isryo5x.jamocha\extensions\[email protected]
[2014/07/13 00:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\2k1echgk.SINN\extensions
[2014/04/12 12:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\7h9u3pwa.AllyEml\extensions
[2014/02/04 17:45:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\7h9u3pwa.AllyEml\extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}
[2014/04/12 12:14:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\7h9u3pwa.AllyEml\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/07/13 00:26:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\7udqw10n.justbrowse\extensions
[2014/11/09 20:59:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\bpiduon3.Pronjack\extensions
[2014/07/13 00:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\e95fwen3.youtube\extensions
[2014/07/13 00:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\f0m3bzxo.neweragain\extensions
[2014/07/13 00:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\k4aolroc.Witchever\extensions
[2011/11/18 20:09:15 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\k4aolroc.Witchever\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2014/07/13 00:37:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\pmsq0194.Desperado\extensions
[2014/07/13 00:40:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\pmw0ypsj.noSa\extensions
[2011/12/05 22:48:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\pmw0ypsj.noSa\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/12/05 22:37:07 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\pmw0ypsj.noSa\extensions\[email protected]
[2014/07/13 00:44:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\wzlrxbcq.MOCHACHO\extensions
[2013/12/17 18:23:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\wzlrxbcq.MOCHACHO\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/01/29 16:14:14 | 000,000,000 | ---D | M] ("Flash Video Downloader") -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\wzlrxbcq.MOCHACHO\extensions\[email protected]
[2014/07/13 00:42:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\xidld2u0.Hastings\extensions
[2014/10/28 17:14:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\yt7spcd8.Serpindor\extensions
[2014/10/28 17:14:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\yt7spcd8.Serpindor\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/07/13 00:15:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\ywjnhiw1.default\extensions
[2011/08/16 17:58:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\ywjnhiw1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/10/28 22:39:11 | 000,392,243 | ---- | M] () (No name found) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\2isryo5x.jamocha\extensions\[email protected]
[2014/09/30 17:02:32 | 000,105,346 | ---- | M] () (No name found) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\2isryo5x.jamocha\extensions\[email protected]
[2014/11/19 06:41:33 | 000,020,782 | ---- | M] () (No name found) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\2isryo5x.jamocha\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2014/04/12 12:14:20 | 000,380,083 | ---- | M] () (No name found) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\7h9u3pwa.AllyEml\extensions\[email protected]
[2014/02/04 17:52:08 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\7h9u3pwa.AllyEml\extensions\[email protected]
[2014/04/12 12:42:45 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\7h9u3pwa.AllyEml\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2014/11/09 21:18:44 | 000,002,520 | ---- | M] () -- C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\ywjnhiw1.default\searchplugins\speedbit.xml
[2013/11/29 16:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/23 20:54:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/22 01:59:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012/01/22 01:58:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/12/15 12:32:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O16 - DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} http://clients.futur...y/FMSI_v420.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81CE8E85-A8F4-4C39-B093-F1C2DA72357B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9868F5BD-DB91-49AE-8FF3-F485C69B1313}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9E2C173-1BE8-4EEA-84D3-4B07CD078812}: DhcpNameServer = 192.168.0.1 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - No CLSID value found.
O24 - Desktop WallPaper: C:\po\videocacheview_2\MyMasterChef\QuezonVacation\FromUncleGerryNMom\20141117_091707_tonemapped.jpg
O24 - Desktop BackupWallPaper: C:\po\videocacheview_2\MyMasterChef\QuezonVacation\FromUncleGerryNMom\20141117_091707_tonemapped.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{04b2a0fd-7254-11e1-9dd2-0025222896a8}\Shell - "" = AutoRun
O33 - MountPoints2\{04b2a0fd-7254-11e1-9dd2-0025222896a8}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{07d3489a-7b9d-11de-9c22-0025222896a8}\Shell - "" = AutoRun
O33 - MountPoints2\{07d3489a-7b9d-11de-9c22-0025222896a8}\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\{15946b6b-6d5f-11de-8cd9-001e101f4da1}\Shell - "" = AutoRun
O33 - MountPoints2\{15946b6b-6d5f-11de-8cd9-001e101f4da1}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{210892a5-f0d6-11e0-b15d-001e101f859f}\Shell - "" = AutoRun
O33 - MountPoints2\{210892a5-f0d6-11e0-b15d-001e101f859f}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{231ccf19-f34d-11e0-842c-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{231ccf19-f34d-11e0-842c-001e101f63cf}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{38d1f3c7-5ea8-11e1-a900-0025222896a8}\Shell - "" = AutoRun
O33 - MountPoints2\{38d1f3c7-5ea8-11e1-a900-0025222896a8}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{38d1f3c9-5ea8-11e1-a900-0025222896a8}\Shell - "" = AutoRun
O33 - MountPoints2\{38d1f3c9-5ea8-11e1-a900-0025222896a8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{43597eb5-72ee-11e0-b0c6-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{43597eb5-72ee-11e0-b0c6-001e101f2b52}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{46696773-61de-11e1-8fac-0025222896a8}\Shell\AutoRun\command - "" = K:\PMBP_Win.exe
O33 - MountPoints2\{5512e6d5-609e-11e3-8625-9477a1e18dba}\Shell - "" = AutoRun
O33 - MountPoints2\{5512e6d5-609e-11e3-8625-9477a1e18dba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5512e6e8-609e-11e3-8625-a3bccb6e203d}\Shell - "" = AutoRun
O33 - MountPoints2\{5512e6e8-609e-11e3-8625-a3bccb6e203d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5512e6f4-609e-11e3-8625-9049f7ab1889}\Shell - "" = AutoRun
O33 - MountPoints2\{5512e6f4-609e-11e3-8625-9049f7ab1889}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5512e6fe-609e-11e3-8625-9efe45c5f993}\Shell - "" = AutoRun
O33 - MountPoints2\{5512e6fe-609e-11e3-8625-9efe45c5f993}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5512e708-609e-11e3-8625-d644696767c1}\Shell - "" = AutoRun
O33 - MountPoints2\{5512e708-609e-11e3-8625-d644696767c1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6178bd78-5a68-11e3-816c-74d435355476}\Shell - "" = AutoRun
O33 - MountPoints2\{6178bd78-5a68-11e3-816c-74d435355476}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6178bd9b-5a68-11e3-816c-74d435355476}\Shell - "" = AutoRun
O33 - MountPoints2\{6178bd9b-5a68-11e3-816c-74d435355476}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{88b92766-5cce-11e0-a51c-001e101fe70e}\Shell - "" = AutoRun
O33 - MountPoints2\{88b92766-5cce-11e0-a51c-001e101fe70e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{88e2c96b-5d8b-11e3-948c-d95ab5731eb1}\Shell - "" = AutoRun
O33 - MountPoints2\{88e2c96b-5d8b-11e3-948c-d95ab5731eb1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{88e2c987-5d8b-11e3-948c-bae8772016a8}\Shell - "" = AutoRun
O33 - MountPoints2\{88e2c987-5d8b-11e3-948c-bae8772016a8}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{9541c39c-5cac-11e3-a679-74d435355476}\Shell - "" = AutoRun
O33 - MountPoints2\{9541c39c-5cac-11e3-a679-74d435355476}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b2cc42e8-c064-11e3-989f-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{b2cc42e8-c064-11e3-989f-001e101f2500}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d99a7035-49ed-11e0-a4b7-0025222896a8}\Shell - "" = AutoRun
O33 - MountPoints2\{d99a7035-49ed-11e0-a4b7-0025222896a8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d99a7045-49ed-11e0-a4b7-001e101f4da1}\Shell - "" = AutoRun
O33 - MountPoints2\{d99a7045-49ed-11e0-a4b7-001e101f4da1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e805b2d8-6b0f-11de-b10d-0025222896a8}\Shell - "" = AutoRun
O33 - MountPoints2\{e805b2d8-6b0f-11de-b10d-0025222896a8}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ff813c89-bf71-11e3-8646-74d435355476}\Shell - "" = AutoRun
O33 - MountPoints2\{ff813c89-bf71-11e3-8646-74d435355476}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2099/12/15 19:44:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\Plugins
[2014/12/15 12:38:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/12/15 12:38:31 | 000,000,000 | ---D | C] -- C:\Users\MyEminence\AppData\Local\temp
[2014/12/15 12:30:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/12/15 11:56:09 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/12/14 07:55:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/12/14 07:55:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/12/14 07:55:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/12/14 07:55:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/12/14 07:54:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/12/13 22:49:13 | 000,000,000 | ---D | C] -- C:\Users\MyEminence\AppData\Roaming\AVAST Software
[2014/12/13 22:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/12/13 22:36:18 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/12/13 22:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/12/13 22:27:00 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/12/13 22:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/12/13 22:26:45 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/12/13 22:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
[2014/12/13 22:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes Anti-Exploit
[2014/12/13 22:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Exploit
[2014/12/13 22:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2014/12/13 22:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2014/12/13 22:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2014/12/13 22:00:19 | 000,057,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/12/13 22:00:18 | 000,423,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014/12/13 22:00:18 | 000,070,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/12/13 22:00:17 | 000,055,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2014/12/13 22:00:16 | 000,787,800 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014/12/13 22:00:15 | 000,291,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/12/13 22:00:13 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/12/10 22:28:47 | 000,046,592 | ---- | C] (CSR, plc) -- C:\Windows\System32\HFGService_PS.dll
[2014/12/10 09:45:40 | 000,048,128 | ---- | C] (Cambridge Silicon Radio Limited) -- C:\Windows\System32\drivers\bthav.sys
[2014/12/10 03:57:59 | 000,000,000 | ---D | C] -- C:\Users\MyEminence\AppData\Local\VS Revo Group
[2014/12/10 03:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2014/12/10 03:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2014/12/10 03:57:52 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2014/12/10 03:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/12/09 20:25:23 | 000,411,136 | ---- | C] (CSR, plc) -- C:\Windows\System32\HFGService.dll
[2014/12/09 01:28:32 | 000,000,000 | ---D | C] -- C:\BluetoothExchangeFolder
[2014/12/09 00:55:59 | 000,000,000 | ---D | C] -- C:\Drivers
[2014/12/09 00:36:00 | 000,000,000 | ---D | C] -- C:\Users\MyEminence\AppData\Local\Apps
[2014/12/09 00:35:59 | 000,000,000 | ---D | C] -- C:\Users\MyEminence\AppData\Local\Deployment
[2014/12/08 22:00:54 | 000,000,000 | ---D | C] -- C:\Users\MyEminence\Documents\Bluetooth Exchange Folder
[2014/12/08 21:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2014/12/05 23:17:35 | 000,000,000 | ---D | C] -- C:\Users\MyEminence\AppData\Local\Faculty_of_Organization_a
[2014/12/05 23:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\Remoter for Windows
[2014/12/02 20:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/12/02 20:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/12/02 19:21:44 | 005,006,864 | ---- | C] (AVAST Software) -- C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
[2014/12/02 16:46:27 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/11/26 18:34:15 | 000,000,000 | ---D | C] -- C:\Users\MyEminence\Documents\freenote_export
[2014/11/21 12:13:08 | 000,000,000 | ---D | C] -- C:\Users\MyEminence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blade and Soul
[2014/11/21 01:59:34 | 000,000,000 | ---D | C] -- C:\Users\MyEminence\AppData\Local\BNSUpdater
[2014/11/21 01:23:00 | 000,000,000 | ---D | C] -- C:\Users\MyEminence\AppData\Roaming\Awesomium
[2014/11/21 01:22:00 | 000,000,000 | ---D | C] -- C:\Users\MyEminence\Documents\BnS
[2014/11/21 00:30:15 | 000,000,000 | ---D | C] -- C:\Users\MyEminence\AppData\Roaming\REngLauncher
[2014/11/20 23:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blade and Soul
[4 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/19 02:28:25 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/12/19 02:24:03 | 000,647,326 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/12/19 02:24:03 | 000,120,356 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/12/19 02:23:25 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/19 02:23:25 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/19 02:17:45 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/19 02:17:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/19 02:15:40 | 000,001,208 | ---- | M] () -- C:\Users\MyEminence\Desktop\My DAP Downloads.lnk
[2014/12/15 13:13:31 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/12/15 13:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/15 12:32:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/12/14 23:44:04 | 000,000,155 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2014/12/14 07:51:41 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/13 22:06:17 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2014/12/13 22:05:49 | 000,002,032 | ---- | M] () -- C:\Users\MyEminence\AppData\Local\d3d9caps.dat
[2014/12/13 22:00:46 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014/12/13 22:00:37 | 000,787,800 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014/12/13 22:00:29 | 000,423,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014/12/13 22:00:25 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2014/12/13 22:00:14 | 000,206,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/12/13 22:00:14 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/12/13 22:00:14 | 000,057,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/12/13 22:00:14 | 000,055,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2014/12/13 22:00:14 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/12/13 22:00:14 | 000,024,184 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/12/13 22:00:13 | 000,291,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/12/13 22:00:13 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/12/12 18:14:01 | 000,000,107 | ---- | M] () -- C:\Windows\System32\list
[2014/12/12 16:28:30 | 000,000,300 | ---- | M] () -- C:\Users\MyEminence\Desktop\MyEminence - Shortcut.lnk
[2014/12/12 06:10:22 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/11 23:02:08 | 000,070,656 | ---- | M] () -- C:\Users\MyEminence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/12/10 03:57:56 | 000,001,089 | ---- | M] () -- C:\Users\MyEminence\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014/12/10 03:57:56 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2014/12/09 18:42:11 | 000,254,534 | ---- | M] () -- C:\Users\MyEminence\Documents\cc_20141209_184149.reg
[2014/12/09 16:58:31 | 000,001,846 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2014/12/09 01:28:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_CsrBtPort_01009.Wdf
[2014/12/09 01:28:06 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_csrusb_01009.Wdf
[2014/12/02 19:23:23 | 005,006,864 | ---- | M] (AVAST Software) -- C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
[2014/12/02 18:13:08 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2014/12/01 22:01:27 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2014/11/30 21:06:29 | 000,000,212 | ---- | M] () -- C:\PowerDVD10.sim
[2014/11/21 06:14:16 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/11/21 06:14:10 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/11/21 06:14:06 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/11/20 23:40:28 | 000,000,783 | ---- | M] () -- C:\Users\Public\Desktop\Blade and Soul.lnk
[4 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/14 07:55:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/12/14 07:55:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/12/14 07:55:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/12/14 07:55:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/12/14 07:55:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/12/13 22:36:20 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/13 22:06:17 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2014/12/13 22:00:46 | 000,001,889 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
[2014/12/13 22:00:46 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014/12/13 22:00:25 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2014/12/13 22:00:19 | 000,206,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/12/13 22:00:18 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/12/13 22:00:17 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/12/12 18:13:59 | 000,000,107 | ---- | C] () -- C:\Windows\System32\list
[2014/12/12 16:28:30 | 000,000,300 | ---- | C] () -- C:\Users\MyEminence\Desktop\MyEminence - Shortcut.lnk
[2014/12/10 03:57:56 | 000,001,089 | ---- | C] () -- C:\Users\MyEminence\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014/12/10 03:57:56 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2014/12/09 18:41:52 | 000,254,534 | ---- | C] () -- C:\Users\MyEminence\Documents\cc_20141209_184149.reg
[2014/12/09 01:28:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_CsrBtPort_01009.Wdf
[2014/12/09 01:28:06 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_csrusb_01009.Wdf
[2014/12/01 22:01:27 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2014/11/30 21:06:29 | 000,000,212 | ---- | C] () -- C:\PowerDVD10.sim
[2014/11/20 23:40:28 | 000,000,783 | ---- | C] () -- C:\Users\Public\Desktop\Blade and Soul.lnk
[2014/04/30 19:47:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2014/04/30 19:47:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2014/04/30 19:47:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2014/04/30 19:47:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2014/04/30 19:47:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/11/26 17:29:10 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe
[2013/11/26 17:29:10 | 000,018,544 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
[2013/11/26 17:12:35 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/08/16 20:09:04 | 000,001,100 | ---- | C] () -- C:\Users\MyEminence\AppData\Local\d3d8caps.dat
[2011/03/12 14:56:50 | 000,000,036 | ---- | C] () -- C:\Users\MyEminence\AppData\Local\housecall.guid.cache
[2011/02/25 10:44:28 | 000,070,656 | ---- | C] () -- C:\Users\MyEminence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/21 13:52:50 | 000,002,032 | ---- | C] () -- C:\Users\MyEminence\AppData\Local\d3d9caps.dat
[2010/01/31 11:06:18 | 000,008,046 | ---- | C] () -- C:\Program Files\Common Files\setupBanner.jpg
[2009/04/14 16:07:42 | 000,037,607 | ---- | C] () -- C:\Program Files\Common Files\license.rtf
 
========== ZeroAccess Check ==========
 
[2006/11/02 20:53:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/22 00:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 21:19:30 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 21:19:19 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/03/02 05:36:24 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\Anvil Studio
[2011/05/18 06:44:30 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\AnvSoft
[2014/06/29 00:55:44 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\Audacity
[2014/12/13 22:49:13 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\AVAST Software
[2014/11/21 01:23:00 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\Awesomium
[2014/12/19 02:39:17 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\BitTorrent
[2012/02/28 20:27:15 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\Canon
[2011/04/10 20:48:01 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\DMCache
[2011/07/21 21:42:59 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\fltk.org
[2011/02/23 08:55:24 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\Foxit
[2011/02/23 08:55:25 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\Foxit Software
[2011/10/07 02:31:00 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\HandBrake
[2014/06/04 08:59:18 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\HDRsoft
[2011/10/27 15:14:16 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\IDM
[2011/11/17 22:02:12 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\Megaupload
[2011/10/07 00:30:59 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\mkvtoolnix
[2013/03/11 02:48:32 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\MotioninJoy
[2011/11/26 01:35:58 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\Notepad++
[2014/01/27 20:59:44 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\Opera Software
[2014/11/24 01:36:10 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\REngLauncher
[2011/09/16 08:07:06 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\runic games
[2014/09/14 21:26:11 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\Samsung
[2012/02/19 23:24:18 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\SystemRequirementsLab
[2011/10/11 06:59:39 | 000,000,000 | ---D | M] -- C:\Users\MyEminence\AppData\Roaming\Thinstall
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2011/09/20 01:58:50 | 000,521,669 | ---- | M] ()(C:\Users\MyEminence\Documents\???????????? - The best of The Teen Girls - Update Hard.htm) -- C:\Users\MyEminence\Documents\พิมพ์หน้านี้ - The best of The Teen Girls - Update Hard.htm
[2011/09/20 01:46:47 | 000,521,669 | ---- | C] ()(C:\Users\MyEminence\Documents\???????????? - The best of The Teen Girls - Update Hard.htm) -- C:\Users\MyEminence\Documents\พิมพ์หน้านี้ - The best of The Teen Girls - Update Hard.htm
[2011/09/20 01:46:45 | 000,000,000 | ---D | M](C:\Users\MyEminence\Documents\???????????? - The best of The Teen Girls - Update Hard_files) -- C:\Users\MyEminence\Documents\พิมพ์หน้านี้ - The best of The Teen Girls - Update Hard_files
[2011/09/20 01:46:23 | 000,000,000 | ---D | C](C:\Users\MyEminence\Documents\???????????? - The best of The Teen Girls - Update Hard_files) -- C:\Users\MyEminence\Documents\พิมพ์หน้านี้ - The best of The Teen Girls - Update Hard_files
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:553CA6CA

< End of report >


  • 0

Advertisements

#2
zep516
Posted 18 December 2014 - 05:35 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Drive C: | 169.41 Gb Total Space | 7.99 Gb Free Space | 4.72% Space Free | Partition Type: NTFS

You're running out of free space, probably why system restore is having issues as is the rest of the computer. We need 20% free space or the drive will eventually stop working.

Don't run anymore scans.

1 Post the combofix log
2 Post the Malwarebytes log and any other log reports you may have.
3 Free up space, by removing programs, pictures, documents, games etc.

Let us know when you free up that space..

Thanks
Joe :)
  • 0

#3
henrymills
Posted 20 December 2014 - 04:40 AM

henrymills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

------------------------------------------------------------------------------------------------------

Combofix Log

------------------------------------------------------------------------------------------------------

 

ComboFix 14-12-10.03 - MyEminence 12/20/2014  12:31:12.2.2 - x86
Running from: c:\users\MyEminence\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-20 to 2014-12-20  )))))))))))))))))))))))))))))))
.
.
2099-12-15 11:44 . 2011-02-17 05:24 -------- d-----w- c:\windows\system32\Plugins
2014-12-20 04:45 . 2014-12-20 04:45 -------- d-----w- c:\users\Neo\AppData\Local\temp
2014-12-20 04:45 . 2014-12-20 04:45 -------- d-----w- c:\users\Marcus\AppData\Local\temp
2014-12-20 04:45 . 2014-12-20 04:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-15 04:38 . 2014-12-20 04:45 -------- d-----w- c:\users\MyEminence\AppData\Local\temp
2014-12-15 03:56 . 2014-12-15 04:01 -------- d-----w- C:\TDSSKiller_Quarantine
2014-12-15 03:40 . 2014-12-15 03:40 -------- d-----w- c:\users\Marcus\AppData\Local\NVIDIA
2014-12-14 15:44 . 2014-12-14 15:44 -------- d-----w- c:\users\Marcus\AppData\Roaming\DivX
2014-12-14 15:21 . 2014-12-14 15:21 -------- d-----w- c:\users\Marcus\AppData\Local\Adobe
2014-12-14 15:19 . 2014-12-14 15:19 -------- d-----w- c:\users\Marcus\AppData\Roaming\AVAST Software
2014-12-14 15:18 . 2014-12-14 15:25 -------- d-----w- c:\users\Marcus\AppData\Roaming\BitTorrent
2014-12-14 15:18 . 2014-12-14 15:18 -------- d-----w- c:\users\Marcus\AppData\Local\Google
2014-12-13 16:23 . 2014-12-13 16:23 -------- d-----w- c:\users\Tempo
2014-12-13 14:49 . 2014-12-13 14:49 -------- d-----w- c:\users\MyEminence\AppData\Roaming\AVAST Software
2014-12-13 14:36 . 2014-11-20 22:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-13 14:36 . 2014-12-13 23:51 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-12-13 14:27 . 2014-12-20 04:24 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-13 14:27 . 2014-12-13 14:27 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-12-13 14:26 . 2014-11-20 22:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-13 14:07 . 2014-12-13 14:47 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2014-12-13 14:07 . 2014-12-13 14:07 -------- d-----w- c:\program files\Malwarebytes Anti-Exploit
2014-12-13 14:06 . 2014-12-13 14:06 -------- d-----w- c:\program files\FileASSASSIN
2014-12-13 14:00 . 2014-12-13 14:00 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-12-13 14:00 . 2014-12-13 14:00 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-12-13 14:00 . 2014-12-13 14:00 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-12-13 14:00 . 2014-12-13 14:00 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-12-13 14:00 . 2014-12-13 14:00 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-12-13 14:00 . 2014-12-13 14:00 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-12-13 14:00 . 2014-12-13 14:00 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-12-13 14:00 . 2014-12-13 14:00 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-12-13 14:00 . 2014-12-13 14:00 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-12-13 14:00 . 2014-12-13 14:00 43152 ----a-w- c:\windows\avastSS.scr
2014-12-11 17:22 . 2011-04-21 13:55 508416 ----a-w- c:\windows\system32\bthport.sys
2014-12-11 17:22 . 2009-06-17 13:23 30208 ----a-w- c:\windows\system32\BTHUSB.SYS
2014-12-10 14:28 . 2007-08-13 16:17 46592 ----a-w- c:\windows\system32\HFGService_PS.dll
2014-12-10 01:45 . 2010-12-21 21:28 48128 ----a-w- c:\windows\system32\drivers\bthav.sys
2014-12-09 19:57 . 2014-12-09 19:57 -------- d-----w- c:\users\MyEminence\AppData\Local\VS Revo Group
2014-12-09 19:57 . 2014-12-09 19:57 -------- d-----w- c:\programdata\VS Revo Group
2014-12-09 19:57 . 2009-12-30 03:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-12-09 19:57 . 2014-12-09 19:57 -------- d-----w- c:\program files\VS Revo Group
2014-12-09 12:25 . 2007-08-13 16:17 411136 ----a-w- c:\windows\system32\HFGService.dll
2014-12-08 17:28 . 2014-12-08 17:28 -------- d-----w- C:\BluetoothExchangeFolder
2014-12-08 16:55 . 2014-12-08 16:55 -------- d-----w- C:\Drivers
2014-12-08 16:36 . 2014-12-08 16:36 -------- d-----w- c:\users\MyEminence\AppData\Local\Apps
2014-12-08 16:35 . 2014-12-08 16:36 -------- d-----w- c:\users\MyEminence\AppData\Local\Deployment
2014-12-08 13:54 . 2014-12-08 13:54 -------- d-----w- c:\program files\DIFX
2014-12-05 15:17 . 2014-12-05 15:36 -------- d-----w- c:\users\MyEminence\AppData\Local\Faculty_of_Organization_a
2014-12-05 15:14 . 2014-12-05 15:34 -------- d-----w- c:\program files\Remoter for Windows
2014-12-02 12:09 . 2014-12-02 12:09 -------- d-----w- c:\program files\AVAST Software
2014-12-02 12:04 . 2014-12-13 13:47 -------- d-----w- c:\programdata\AVAST Software
2014-12-02 07:54 . 2014-12-12 08:22 158337 ----a-w- c:\windows\DUMP3986.tmp
2014-12-02 07:54 . 2014-12-11 09:03 162529 ----a-w- c:\windows\DUMP3928.tmp
2014-11-20 17:59 . 2014-11-20 17:59 -------- d-----w- c:\users\MyEminence\AppData\Local\BNSUpdater
2014-11-20 17:23 . 2014-11-20 17:23 -------- d-----w- c:\users\MyEminence\AppData\Roaming\Awesomium
2014-11-20 16:30 . 2014-11-23 17:36 -------- d-----w- c:\users\MyEminence\AppData\Roaming\REngLauncher
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-20 04:24 . 2013-11-26 09:45 17488 ----a-w- c:\windows\gdrv.sys
2014-12-10 15:05 . 2014-01-29 08:38 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 15:05 . 2014-01-29 08:38 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-20 22:14 . 2011-02-22 19:33 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-12-13 14:00 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zASRockInstantBoot"="" [BU]
"PlayNC Launcher"="" [BU]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2011-04-29 2918576]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2011-04-29 400760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-13 5227112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="c:\program files\Tattoo\Tattoo" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42459759.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70585251.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-02 20:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-13 23:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-04-02 01:11 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2011-04-29 10:31 400760 ----a-w- c:\program files\BitTorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CheckNDISPort_df]
2012-10-10 16:45 442696 ----a-w- c:\program files\Hotspot\Sun Broadband\CheckNDISPort_df.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2014-08-19 06:41 448856 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2014-01-10 05:26 1861968 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2011-04-29 14:44 2918576 ----a-w- c:\program files\DAP\DAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:23 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-02-26 04:57 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-02-26 04:57 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-02-12 04:19 1050112 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 23:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 23:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2014-07-25 08:42 1562264 ----a-w- c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2014-07-25 08:42 311616 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mega Manager]
2011-09-08 04:07 2116608 ----a-w- c:\program files\Megaupload\Mega Manager\MegaManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-01-03 18:47 6497592 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 07:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2013-12-10 02:22 2279712 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-02-26 04:57 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 16:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remoter]
2013-10-17 10:52 768512 ----a-w- c:\users\MyEminence\Downloads\Jpop Funk\RemoterServer\RemoterServer\RemoterServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2011-06-07 07:58 10082920 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2011-01-12 14:35 405736 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-02-12 04:23 1620480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 13:19 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 01:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-02-18 19:05 2423752 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec]
2011-04-02 02:44 139088 ----a-w- c:\program files\SMART BRO\UIExec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:21 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 01:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-185903628-1420016957-2107898834-1000]
"EnableNotificationsRef"=dword:00000003
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
bthsvcs REG_MULTI_SZ    BthServ
WindowsMobile REG_MULTI_SZ    wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ    WcesComm RapiMgr
bthaudiosvc REG_MULTI_SZ    HFGService
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 09:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-11 22:07 1087816 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 02:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-29 15:05]
.
2014-12-13 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-13 14:00]
.
2014-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-16 12:20]
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-16 12:20]
.
.
------- Supplementary Scan -------
.
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
TCP: DhcpNameServer = 192.168.2.1
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\c94o7dma.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=115&q=
FF - prefs.js: browser.search.selectedEngine - SpeedBit Search
FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=115
FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=115&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-12-20 12:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-185903628-1420016957-2107898834-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):bd,d4,5f,0e,db,37,91,62,82,32,50,ce,8f,24,82,c2,6e,b3,98,97,8a,
   49,41,8f,67,23,b5,87,e8,8b,d2,4e,fb,e0,45,92,67,56,9b,70,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-185903628-1420016957-2107898834-1000_Classes\CLSID\{e2184613-c65f-4c59-b763-9256678441e9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000063
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,85,b1,12,f9,90,dd,23,a1,17,82,33,ed,e5,ff,f7,f4,cc,66,af,9a,41,ef,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\GenArts\Monsters AE\Install-{4E41A485-04D4-CF7C-6CE3-27F7BEAE7048}\Data*]
@DACL=
"CTE_32 Name"="904766:{C3B8A1BC-8B18-94D5-AD04-2B3354994626}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\GenArts\Monsters AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\GenArts\Sapphire AE\Install-{4E41A485-04D4-CF7C-6CE3-27F7BEAE7048}\Data*]
@DACL=
"CTE_32 Name"="97402:{C3B8A1BC-8B18-94D5-AD04-2B3354994626}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectInput\Compatibility\CLIENT2._EXE35FEFABD00088200*]
@DACL=
"MaxDeviceNameLen"="09?\1585­0000\1dÒ?1e27Ý"
"NoPollSucceed"="{8DA442E1-E217-E3DA-F137-1E513BD85C9E}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2455698:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install*Loc\mxga-1-{1F4B2229-0218-4432-DB60-48EB620F97A3}\Version 1.1]
@DACL=
"dat"="806585365:{C382EA5B-DE6E-64F2-D1FE-D8E02F014A45}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{1F4B2229-0218-4432-DB60-48EB620F97A3}\Version 1.1]
@DACL=
"dat"="806585365:{C382EA5B-DE6E-64F2-D1FE-D8E02F014A45}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2455712:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{24EBC0DE-B910-FD47-DCAD-DA8E5D6A5DA1}*\Install*Loc\mxga-3\dat]
@DACL=
"default"="516234422:{DAD5C578-81A4-431D-EB15-2EBF5E1C9DDF}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{24EBC0DE-B910-FD47-DCAD-DA8E5D6A5DA1}*\Install*Loc\xga-1\dat]
@DACL=
"default"="516234376:{48785A71-6968-E2F0-71DA-E8B0015FF7F6}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{24EBC0DE-B910-FD47-DCAD-DA8E5D6A5DA1}*\Install*Loc\xga-3v5\dat]
@DACL=
"default"="516234422:{DAD5C578-81A4-431D-EB15-2EBF5E1C9DDF}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\mxga-1-{1F4B2229-0218-4432-DB60-48EB620F97A3}\Version 3.x]
@DACL=
"dat"="1767914624:{D329D142-71AA-E0A0-24FC-7032A10E84E2}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{1F4B2229-0218-4432-DB60-48EB620F97A3}\Version 3.x]
@DACL=
"dat"="1767914624:{D329D142-71AA-E0A0-24FC-7032A10E84E2}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smase._dll*]
@DACL=
"AplicationGoo"="09Äva0\19222891ñ888f­"
"ChkAppHelp"="{5C87711A-1D79-8B70-3E9A-409C6EC7F15D}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WinXGA*\Providers*\{D9EBEC66-68A6-092F-CBD1-713C347AA5E0}\Current*Set\mxga-3\ver]
@DACL=
"KnownSvcs"="923716169:{4AB4436F-E9E7-14E8-952D-B6F8D95777DC}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WinXGA*\Providers*\{D9EBEC66-68A6-092F-CBD1-713C347AA5E0}\Current*Set\xga-1\ver]
@DACL=
"KnownSvcs"="923716215:{BAF2F0CD-2F8C-42D3-36A5-9C31F4427941}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WinXGA*\Providers*\{D9EBEC66-68A6-092F-CBD1-713C347AA5E0}\Current*Set\xga-3v5\ver]
@DACL=
"KnownSvcs"="923716169:{4AB4436F-E9E7-14E8-952D-B6F8D95777DC}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\XBMga*\UUIDs\{7740DC73-0741-D0A0-DE25-E70A741F64BC}\mxga-3\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234523549:{9E5EF7DD-C468-ACB7-3E60-C0F40FEB7C9D}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\XBMga*\UUIDs\{7740DC73-0741-D0A0-DE25-E70A741F64BC}\xga-1\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234523555:{538D3637-4FF0-5E0F-01B3-44EBDF82B678}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\XBMga*\UUIDs\{7740DC73-0741-D0A0-DE25-E70A741F64BC}\xga-3v5\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234523549:{9E5EF7DD-C468-ACB7-3E60-C0F40FEB7C9D}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\xGenArts\Monsters AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="1:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="1:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4488)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2014-12-20  12:48:26
ComboFix-quarantined-files.txt  2014-12-20 04:48
ComboFix2.txt  2014-12-15 04:38
.
Pre-Run: 8,487,432,192 bytes free
Post-Run: 8,446,496,768 bytes free
.
- - End Of File - - FB4C948A15CE7677301AFBC1107B6658
A36C5E4F47E84449FF07ED3517B43A31
 

------------------------------------------------------------------------------------------------------

Malwarebytes Log

------------------------------------------------------------------------------------------------------

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/20/2014
Scan Time: 12:50:04 PM
Logfile: Mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.18.05
Rootkit Database: v2014.12.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: MyEminence

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 956301
Time Elapsed: 4 hr, 55 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 18
Adware.WhenU, C:\Windows XP\Appz XP\Daemon Tools v4.08\Daemon Tools v4.08.exe, , [ea336af98bf11c1ab284324a867fdf21],
PUP.RiskWareTool.CK, C:\Windows XP\Appz XP\NOD32 v2.70.32\NOD32 FiX v2.2.exe, , [53ca0162750776c0831c0980bf461ce4],
PUP.Optional.BabylonToolBar.A, C:\PSP-GameS\New Folder\Unlocker1.9.1.exe, , [77a6ed7614680c2a3614d36212ef58a8],
PUP.Hacktool.Patcher, C:\PSP-GameS\New Folder\Video.Enhancer.1.9.6-SND.rar, , [26f76300a6d6b08602fb1de820e07e82], 
PUP.Optional.OpenCandy, C:\Program Files\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll, , [68b5273c8af2c274c7f992077392e917],
PUP.Optional.SweetPacks.A, C:\Program Files\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe, , [0d1078eb6c10ab8b2e2953d1ae53b050],
Trojan.Downloader, C:\Users\MyEminence\Documents\My DAP Downloads\RG  Instant HD v1.1.rar, , [5ebf9bc8abd181b589281b1608fd827e],
PUP.Optional.DealioTB.A, C:\Users\MyEminence\Downloads\Compressed\Voicemuxer.rar, , [859895ce96e6f541723b04812fd6ae52],
PUP.Optional.DealioTB.A, C:\Users\MyEminence\Downloads\Compressed\music_morpher.rar, , [3edff46fcdaf3afccbe2364f9e6733cd],
PUP.Optional.DealioTB.A, C:\Users\MyEminence\Downloads\Compressed\music_morpher_gold.rar, , [37e61251c0bcc076733ad8ad9a6bbf41],
PUP.Optional.DealioTB.A, C:\Users\MyEminence\Downloads\Compressed\music_morpher\music_morpher.exe, , [0d10372cfe7e9a9c892470157293eb15],
PUP.Optional.DealioTB.A, C:\Users\MyEminence\Downloads\Compressed\music_morpher_gold\music_morpher_gold.exe, , [a67780e38af2122489241075d2330bf5],
HackTool.GamesCheat.Gen, C:\Users\MyEminence\Downloads\2worlds\two.worlds2.v1.0.plus5tr.zip, , [5cc1570c1e5ee84eb67095f220e5b44c],
PUP.Optional.OpenCandy, C:\Users\MyEminence\Downloads\2worlds\mirc717.exe, , [db428bd8daa20e28efd1abee4cb919e7],
PUP.Optional.Babylon.A, C:\Users\MyEminence\Downloads\Jpop Funk\Unlocker1.9.2_1_1.exe, , [908dbba88cf042f4f0bfd152748de818],
Trojan.Downloader, C:\ADOBPART\New Folder\Magic_Bullet_Instant_HD_Advanced_1.0.rar, , [9a83a6bd92eadf57d5dcca67818403fd],
PUP.Optional.SpeedBit.A, C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\c94o7dma.default\searchplugins\speedbit.xml, , [d746263d522a4de9509199ba6a992ed2],
PUP.Optional.SpeedBit.A, C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\ywjnhiw1.default\searchplugins\speedbit.xml, , [da435211502cad89459c0b4850b3c838],

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0

#4
zep516
Posted 20 December 2014 - 11:06 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

It does not look like you let Malwarebytes remove any of what was found, Here's the instruction for malwarebytes in case you need them, a lot of users run Malwarebyes and forget to take action.... please double check.

Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop


Post the Malwarebytes log

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
  • Next

    thisisujrt.gif Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post;
    • The AdwCleaner [SO].txt Log
    • The JRT.txt Log
    • Malwarebyte log
    Thanks
    Joe :)


  • 0

#5
henrymills
Posted 22 December 2014 - 03:41 AM

henrymills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

------------------------------------------------------------------------------------------------------

AdwCleaner Log

------------------------------------------------------------------------------------------------------

# AdwCleaner v4.106 - Report created 22/12/2014 at 15:54:40
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows Vista ™ Ultimate Service Pack 2 (32 bits)
# Username : MyEminence - ME-PC
# Running from : C:\Users\MyEminence\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\Users\Marcus\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\MyEminence\AppData\LocalLow\Yahoo! Companion
File Deleted : C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\2isryo5x.jamocha\foxydeal.sqlite
File Deleted : C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\2k1echgk.SINN\user.js
File Deleted : C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\7udqw10n.justbrowse\user.js
File Deleted : C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\e95fwen3.youtube\user.js
File Deleted : C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\k4aolroc.Witchever\user.js
File Deleted : C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\pmsq0194.Desperado\user.js
File Deleted : C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\pmw0ypsj.noSa\user.js
File Deleted : C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\ywjnhiw1.default\user.js
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
[c94o7dma.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "SpeedBit Search");
[c94o7dma.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://home.speedbit.com/search.aspx?aff=115&q=");
[c94o7dma.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "SpeedBit Search");
[c94o7dma.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "SpeedBit Search");
[c94o7dma.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://home.speedbit.com/?aff=115");
[c94o7dma.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage_override_url", "hxxp://home.speedbit.com/?aff=115");
[c94o7dma.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://home.speedbit.com/search.aspx?aff=115&q=");
[ywjnhiw1.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://home.speedbit.com/?pid=%s&aid=%s");
[ywjnhiw1.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage_override_url", "hxxp://home.speedbit.com/?pid=%s&aid=%s");
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
-\\ Opera v18.0.1284.68
 
[C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [43493 octets] - [09/11/2014 20:28:35]
AdwCleaner[R1].txt - [42850 octets] - [09/11/2014 20:56:25]
AdwCleaner[R2].txt - [3950 octets] - [22/12/2014 15:42:39]
AdwCleaner[S0].txt - [1336 octets] - [09/11/2014 20:32:39]
AdwCleaner[S1].txt - [46594 octets] - [09/11/2014 20:59:01]
AdwCleaner[S2].txt - [4273 octets] - [22/12/2014 15:54:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4333 octets] ##########
 

------------------------------------------------------------------------------------------------------

JRT log

------------------------------------------------------------------------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows Vista ™ Ultimate x86
Ran by MyEminence on Mon 12/22/2014 at 16:49:18.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\MyEminence\AppData\Roaming\thinstall"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\MyEminence\AppData\Roaming\mozilla\firefox\profiles\ywjnhiw1.default\searchplugins\speedbit.xml
Successfully deleted the following from C:\Users\MyEminence\AppData\Roaming\mozilla\firefox\profiles\ywjnhiw1.default\prefs.js
 
user_pref("browser.startup.homepage", "hxxp://home.speedbit.com/?pid=%s&aid=%s");
user_pref("browser.startup.homepage_override_url", "hxxp://home.speedbit.com/?pid=%s&aid=%s");
Emptied folder: C:\Users\MyEminence\AppData\Roaming\mozilla\firefox\profiles\ywjnhiw1.default\minidumps [2 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/22/2014 at 16:55:32.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

------------------------------------------------------------------------------------------------------

Malwarebytes Log

------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/22/2014
Scan Time: 2:51:22 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.18.05
Rootkit Database: v2014.12.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: MyEminence
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 480842
Time Elapsed: 38 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.SpeedBit.A, C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\ywjnhiw1.default\searchplugins\speedbit.xml, Quarantined, [6ab36df6c8b43cfaf4ed490abf44cd33], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

------------------------------------------------------------------------------------------------------

Gmer Log(additional)

------------------------------------------------------------------------------------------------------

GMER 2.1.19357 - http://www.gmer.net
Rootkit quick scan 2014-12-22 17:22:30
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3250318AS rev.CC38 232.89GB
Running: mkrz8xj8.exe; Driver: C:\Users\MYEMIN~1\AppData\Local\Temp\pxldypoc.sys
 
 
---- System - GMER 2.1 ----
 
Code  8BA8EBFC  ZwTraceEvent
Code  8BA8EBFB  NtTraceEvent
 
---- EOF - GMER 2.1 ----
 
 
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------I would like to say while waiting for your reply  I run Avast rescue disk and Kaspersky rescue disk also.I can now do system restore and my antivirus is running now.

  • 0

#6
zep516
Posted 22 December 2014 - 07:41 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
OK,

Lets refrain from running anymore tools on your own from here on out. I need to create a base line with my log reports so I know what I'm working with.

Everything you're downloading is ending up in the downloads folder, could you take the extra time and make sure you download this tool Farber Recovery Scan tool to the Desktop.
 

saving files to your desktop.


It's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.



Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Thanks
Joe :)
  • 0

#7
henrymills
Posted 22 December 2014 - 11:09 PM

henrymills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

------------------------------------------------------------------------------------------------------

FRST.txt

------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2014 01
Ran by MyEminence (administrator) on ME-PC on 23-12-2014 12:52:43
Running from C:\Users\MyEminence\Desktop
Loaded Profile: MyEminence (Available profiles: MyEminence & Marcus & Tempo)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
() C:\Program Files\Gigabyte\EasySaver\essvr.exe
() C:\Program Files\GenArts\Monsters-AE\bin\FlowFinder3MonstersAE32.exe
() C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Nero AG) C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
() C:\Program Files\GenArts\Monsters-AE\bin\JawsServerAE.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files\SMART BRO\AssistantServices.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(SpeedBit Ltd.) C:\Program Files\DAP\DAP.exe
(BitTorrent, Inc.) C:\Program Files\BitTorrent\BitTorrent.exe
(Speedbit Ltd.) C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-13] (AVAST Software)
HKU\S-1-5-21-185903628-1420016957-2107898834-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-185903628-1420016957-2107898834-1000\...\Run: [PlayNC Launcher] => [X]
HKU\S-1-5-21-185903628-1420016957-2107898834-1000\...\Run: [DownloadAccelerator] => C:\Program Files\DAP\DAP.EXE [2918576 2011-04-29] (SpeedBit Ltd.)
HKU\S-1-5-21-185903628-1420016957-2107898834-1000\...\Run: [BitTorrent] => C:\Program Files\BitTorrent\BitTorrent.exe [400760 2011-04-29] (BitTorrent, Inc.)
HKU\S-1-5-18\...\Run: [Mobile Partner] => C:\Program Files\Tattoo\Tattoo
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-185903628-1420016957-2107898834-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-185903628-1420016957-2107898834-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-185903628-1420016957-2107898834-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ph/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: IeMonitorBho Class -> {bf00e119-21a3-4fd1-b178-3b8537e75c92} -> C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
BHO: Download Accelerator Plus Integration -> {FF6C3CF0-4B15-11D1-ABED-709549C10000} -> C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} http://clients.futur...y/FMSI_v420.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\2isryo5x.jamocha
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\ywjnhiw1.default\searchplugins\speedbit.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: DownloadHelper - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\ywjnhiw1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-08-16]
FF Extension: Mega Manager Integration - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\k4aolroc.Witchever\Extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6} [2011-11-18]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\pmw0ypsj.noSa\Extensions\[email protected] [2011-12-05]
FF Extension: Adblock Plus - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\pmw0ypsj.noSa\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011-12-05]
FF Extension: Flash Video Downloader - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\wzlrxbcq.MOCHACHO\Extensions\[email protected] [2014-01-29]
FF Extension: DownloadHelper - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\wzlrxbcq.MOCHACHO\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-12-17]
FF Extension: ProxTube - Unblock YouTube - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\7h9u3pwa.AllyEml\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} [2014-02-04]
FF Extension: DownloadHelper - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\7h9u3pwa.AllyEml\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-12]
FF Extension: anonymoX - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\7h9u3pwa.AllyEml\Extensions\[email protected] [2014-02-04]
FF Extension: Stealthy - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\7h9u3pwa.AllyEml\Extensions\[email protected] [2014-02-04]
FF Extension: DownThemAll! - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\7h9u3pwa.AllyEml\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-04-12]
FF Extension: DownloadHelper - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\yt7spcd8.Serpindor\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-28]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\2isryo5x.jamocha\Extensions\[email protected] [2014-12-13]
FF Extension: DownloadHelper - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\2isryo5x.jamocha\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
FF Extension: No Name - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\2isryo5x.jamocha\Extensions\[email protected] [2014-10-28]
FF Extension: ProxTube - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\2isryo5x.jamocha\Extensions\[email protected] [2014-09-30]
FF Extension: Download YouTube Videos as MP4 - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\2isryo5x.jamocha\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-10-26]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-08-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2012-01-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-26]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-13]
FF HKU\S-1-5-21-185903628-1420016957-2107898834-1000\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files\DAP\DAPFireFox [2011-04-29]
FF HKU\S-1-5-21-185903628-1420016957-2107898834-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\MyEminence\AppData\Roaming\IDM\idmmzcc3
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox2\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-16]
CHR Extension: (Google Docs) - C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-16]
CHR Extension: (Google Drive) - C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-16]
CHR Extension: (YouTube) - C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-16]
CHR Extension: (Google Search) - C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-16]
CHR Extension: (Google Sheets) - C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-16]
CHR Extension: (Avast Online Security) - C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-22]
CHR Extension: (Google Wallet) - C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-16]
CHR Extension: (Gmail) - C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-13]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [562592 2011-05-27] (Affinegy, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152576 2011-04-19] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] () [File not signed]
R2 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 FlowFinder3MonstersAE32; C:\Program Files\GenArts\Monsters-AE\bin\FlowFinder3MonstersAE32.exe [704512 2010-06-04] () [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [130976 2011-08-15] (Futuremark Corporation)
S2 Globe Tattoo Broadband. RunOuc; C:\Program Files\Globe Tattoo Broadband\UpdateDog\ouc.exe [657504 2012-11-12] ()
R2 HFGService; C:\Windows\System32\HFGService.dll [411136 2007-08-14] (CSR, plc)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [924160 2007-02-12] (Nero AG) [File not signed]
R2 JawsServerAE; C:\Program Files\GenArts\Monsters-AE\bin\JawsServerAE.exe [393216 2010-06-08] () [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [192832 2011-09-19] (NVIDIA)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
S3 RLM-GenArts; C:\Program Files\GenArts\rlm\rlm.exe [1540096 2010-06-03] (Reprise Software Inc.) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [69864 2011-01-12] (SANDBOXIE L.T.D)
R2 UI Assistant Service; C:\Program Files\SMART BRO\AssistantServices.exe [269648 2011-06-24] ()
S2 CsrBtOBEXService; "C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe" [X]
S2 CsrBtService; "C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [18544 2011-01-10] ()
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
S3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [48128 2010-12-22] (Cambridge Silicon Radio Limited)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R3 gdrv; C:\Windows\gdrv.sys [17488 2014-12-23] (Windows ® 2000 DDK provider)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [96000 2012-08-20] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70272 2012-10-29] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-08-20] (Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\Program Files\HWiNFO32\HWiNFO32.SYS [20216 2011-05-22] (REALiX™)
R4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [112384 2007-02-12] (Nero AG) [File not signed]
R1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [31360 2007-02-12] (Nero AG) [File not signed]
U1 InCDrec; C:\Windows\system32\Drivers\InCDrec.sys [10624 2007-02-12] (Nero AG) [File not signed]
R1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [33792 2007-02-12] (Nero AG) [File not signed]
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [68208 2011-03-23] (Atheros Communications, Inc.)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2011-03-26] (MBB Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-18] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-11] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [125672 2011-01-12] (SANDBOXIE L.T.D)
R0 speedfan; C:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows ® 2000 DDK provider) [File not signed]
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-06-16] (DEVGURU Co., LTD.(www.devguru.co.kr))
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [247320 2009-06-22] (silex technology, Inc.)
S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [107776 2011-03-26] (ZTE Incorporated)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-04-02] (CyberLink Corp.)
S3 BthAudioHF; system32\DRIVERS\BthAudioHF.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\Users\MYEMIN~1\AppData\Local\Temp\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 CsrBtPort; system32\DRIVERS\CsrBtPort.sys [X]
S3 csrusb; System32\Drivers\csrusb.sys [X]
S3 GPU-Z; \??\C:\Users\MYEMIN~1\AppData\Local\Temp\GPU-Z.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2099-12-15 19:44 - 2011-02-17 13:24 - 00000000 ____D () C:\Windows\system32\Plugins
2014-12-23 12:52 - 2014-12-23 12:53 - 00021391 _____ () C:\Users\MyEminence\Desktop\FRST.txt
2014-12-23 12:52 - 2014-12-23 12:52 - 00000000 ____D () C:\FRST
2014-12-23 12:47 - 2014-12-23 12:47 - 01114112 _____ (Farbar) C:\Users\MyEminence\Downloads\FRST.exe
2014-12-23 12:47 - 2014-12-23 12:47 - 01114112 _____ (Farbar) C:\Users\MyEminence\Desktop\FRST.exe
2014-12-22 16:55 - 2014-12-22 16:55 - 00001809 _____ () C:\Users\MyEminence\Desktop\JRT.txt
2014-12-22 16:49 - 2014-12-22 16:49 - 00000000 ____D () C:\Windows\ERUNT
2014-12-22 15:41 - 2014-12-22 17:23 - 00000000 ____D () C:\Users\MyEminence\Downloads\Logans
2014-12-22 14:20 - 2014-12-22 14:20 - 00007565 _____ () C:\kaspersky
2014-12-22 14:06 - 2014-12-22 14:07 - 02173952 _____ () C:\Users\MyEminence\Downloads\AdwCleaner.exe
2014-12-22 14:05 - 2014-12-22 14:07 - 01707646 _____ (Thisisu) C:\Users\MyEminence\Downloads\JRT.exe
2014-12-22 14:03 - 2014-12-22 14:04 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\MyEminence\Downloads\tdsskiller.exe
2014-12-22 13:45 - 2014-12-22 13:45 - 00380416 _____ () C:\Users\MyEminence\Downloads\mkrz8xj8.exe
2014-12-20 18:23 - 2014-12-20 18:23 - 00003789 _____ () C:\Users\MyEminence\Documents\Mbam2.txt
2014-12-20 18:21 - 2014-12-20 18:35 - 00003401 _____ () C:\Users\MyEminence\Documents\Mbam.txt
2014-12-20 12:48 - 2014-12-20 12:48 - 00026227 _____ () C:\ComboFix.txt
2014-12-19 07:10 - 2014-12-19 07:24 - 00001230 _____ () C:\Users\MyEminence\Documents\antivirus.txt
2014-12-19 02:43 - 2014-12-19 02:43 - 00070932 _____ () C:\Users\MyEminence\Downloads\Extras.Txt
2014-12-19 02:40 - 2014-12-19 02:46 - 00117316 _____ () C:\Users\MyEminence\Downloads\OTL.Txt
2014-12-19 02:15 - 2014-12-19 02:15 - 00602112 _____ (OldTimer Tools) C:\Users\MyEminence\Downloads\OTL.exe
2014-12-15 11:59 - 2014-12-15 00:44 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Marcus\Downloads\tdsskiller (1).exe
2014-12-15 11:56 - 2014-12-15 12:01 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-15 11:51 - 2014-12-15 11:51 - 00000680 _____ () C:\Users\Marcus\AppData\Local\d3d9caps.dat
2014-12-15 11:40 - 2014-12-15 11:40 - 00000000 ____D () C:\Users\Marcus\AppData\Local\NVIDIA
2014-12-14 23:44 - 2014-12-14 23:46 - 00004608 _____ () C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-14 23:44 - 2014-12-14 23:44 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\DivX
2014-12-14 23:21 - 2014-12-15 12:02 - 00002800 _____ () C:\Users\Marcus\Desktop\Rkill.txt
2014-12-14 23:21 - 2014-12-14 23:21 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Adobe
2014-12-14 23:19 - 2014-12-14 23:19 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\AVAST Software
2014-12-14 23:18 - 2014-12-14 23:25 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\BitTorrent
2014-12-14 23:18 - 2014-12-14 23:18 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Google
2014-12-14 07:55 - 2014-12-20 12:48 - 00000000 ____D () C:\Qoobox
2014-12-14 07:55 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-14 07:55 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-14 07:55 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-14 07:55 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-14 07:55 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-14 07:55 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-14 07:55 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-14 07:55 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-14 07:54 - 2014-12-15 12:35 - 00000000 ____D () C:\Windows\erdnt
2014-12-14 00:23 - 2014-12-14 00:23 - 00000020 ___SH () C:\Users\Tempo\ntuser.ini
2014-12-14 00:23 - 2014-12-14 00:23 - 00000000 ____D () C:\Users\Tempo
2014-12-14 00:23 - 2011-05-16 16:01 - 00000000 ____D () C:\Users\Tempo\Documents\DE_DeliriumWin32
2014-12-14 00:23 - 2008-01-21 10:41 - 00000000 ___RD () C:\Users\Tempo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-14 00:23 - 2008-01-21 10:41 - 00000000 ___RD () C:\Users\Tempo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-14 00:12 - 2014-12-14 00:12 - 00688992 _____ (Swearware) C:\Users\MyEminence\Downloads\dds.scr.dap
2014-12-13 23:59 - 2014-12-13 23:59 - 00380416 _____ () C:\Users\MyEminence\Downloads\12euwm1j.exe
2014-12-13 23:58 - 2014-12-13 23:59 - 05600944 ____R (Swearware) C:\Users\MyEminence\Downloads\ComboFix.exe
2014-12-13 23:58 - 2014-12-13 23:58 - 00094976 _____ () C:\Users\MyEminence\Downloads\0khxlufy.exe.dap
2014-12-13 22:49 - 2014-12-13 22:49 - 00000000 ____D () C:\Users\MyEminence\AppData\Roaming\AVAST Software
2014-12-13 22:36 - 2014-12-14 07:51 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-13 22:36 - 2014-12-14 07:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-13 22:36 - 2014-12-14 07:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-13 22:36 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-13 22:27 - 2014-12-23 12:49 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-13 22:27 - 2014-12-22 09:58 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-13 22:27 - 2014-12-13 22:27 - 00000000 ____D () C:\Users\MyEminence\Downloads\mbam-chameleon-3.1.7.0
2014-12-13 22:26 - 2014-12-22 09:59 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-13 22:26 - 2014-12-13 22:26 - 00000000 ____D () C:\Users\MyEminence\Downloads\Mar
2014-12-13 22:08 - 2014-12-13 22:12 - 16448208 _____ (Malwarebytes Corp.) C:\Users\MyEminence\Downloads\mbar-1.08.2.1001.exe
2014-12-13 22:08 - 2014-12-13 22:10 - 04909382 _____ () C:\Users\MyEminence\Downloads\mbam-chameleon-3.1.7.0.zip
2014-12-13 22:07 - 2014-12-13 22:47 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-12-13 22:07 - 2014-12-13 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-12-13 22:07 - 2014-12-13 22:07 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-12-13 22:06 - 2014-12-13 22:06 - 00000852 _____ () C:\Users\Public\Desktop\FileASSASSIN.lnk
2014-12-13 22:06 - 2014-12-13 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2014-12-13 22:06 - 2014-12-13 22:06 - 00000000 ____D () C:\Program Files\FileASSASSIN
2014-12-13 22:00 - 2014-12-14 07:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-13 22:00 - 2014-12-13 22:00 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-13 22:00 - 2014-12-13 22:00 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-13 22:00 - 2014-12-13 22:00 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-13 22:00 - 2014-12-13 22:00 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-13 22:00 - 2014-12-13 22:00 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-13 22:00 - 2014-12-13 22:00 - 00057928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-12-13 22:00 - 2014-12-13 22:00 - 00055240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-12-13 22:00 - 2014-12-13 22:00 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-13 22:00 - 2014-12-13 22:00 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-13 22:00 - 2014-12-13 22:00 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-13 22:00 - 2014-12-13 22:00 - 00001889 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2014-12-13 22:00 - 2014-12-13 22:00 - 00001871 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-13 22:00 - 2014-12-13 22:00 - 00000350 ____H () C:\Windows\Tasks\avast! Emergency Update.job
2014-12-13 21:53 - 2014-12-13 21:53 - 00167034 _____ () C:\Users\MyEminence\Downloads\fileassassin-setup-1.06.exe
2014-12-13 21:53 - 2014-12-13 21:53 - 00065232 _____ (Malwarebytes) C:\Users\MyEminence\Downloads\regassassin-setup-1.03.exe
2014-12-13 21:48 - 2014-12-13 21:49 - 02967032 _____ (Malwarebytes ) C:\Users\MyEminence\Downloads\mbae-setup-1.05.1.1016.exe
2014-12-13 14:03 - 2014-12-13 21:49 - 00000000 ____D () C:\Users\MyEminence\Downloads\AwesomeMix Vol1
2014-12-13 13:50 - 2014-12-13 13:50 - 00000000 _____ () C:\Users\MyEminence\Downloads\10. Rupert Holmes - Escape The Pina Colada Song.mp3.crdownload
2014-12-12 18:13 - 2014-12-12 18:14 - 00000107 _____ () C:\Windows\system32\list
2014-12-12 16:28 - 2014-12-12 16:28 - 00000300 _____ () C:\Users\MyEminence\Desktop\MyEminence - Shortcut.lnk
2014-12-12 01:22 - 2011-04-21 21:55 - 00508416 _____ (Microsoft Corporation) C:\Windows\system32\bthport.sys
2014-12-12 01:22 - 2009-06-17 21:23 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\BTHUSB.SYS
2014-12-10 22:28 - 2007-08-14 00:17 - 00046592 _____ (CSR, plc) C:\Windows\system32\HFGService_PS.dll
2014-12-10 09:45 - 2014-12-10 09:45 - 00217594 _____ () C:\Users\MyEminence\Downloads\csr-bluetooth-driver-2.0.0.135-x86.7z
2014-12-10 09:45 - 2010-12-22 05:28 - 00048128 _____ (Cambridge Silicon Radio Limited) C:\Windows\system32\Drivers\bthav.sys
2014-12-10 03:57 - 2014-12-10 03:57 - 00001065 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-12-10 03:57 - 2014-12-10 03:57 - 00000000 ____D () C:\Users\MyEminence\AppData\Local\VS Revo Group
2014-12-10 03:57 - 2014-12-10 03:57 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-12-10 03:57 - 2014-12-10 03:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-12-10 03:57 - 2014-12-10 03:57 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-12-10 03:57 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-12-10 02:59 - 2014-12-10 02:59 - 01088893 _____ (pendrivelinux.com) C:\Users\MyEminence\Downloads\Universal-USB-Installer-1.9.5.8.exe
2014-12-10 00:49 - 2014-12-10 00:49 - 00000078 _____ () C:\Users\MyEminence\Documents\vscriptbeforeandafter.txt
2014-12-09 20:25 - 2014-12-09 20:25 - 00247441 _____ () C:\Users\MyEminence\Downloads\csr-bluetooth-driver-5.0.17-x86.7z
2014-12-09 20:25 - 2007-08-14 00:17 - 00411136 _____ (CSR, plc) C:\Windows\system32\HFGService.dll
2014-12-09 20:22 - 2014-12-09 20:22 - 00013088 _____ () C:\Users\MyEminence\Downloads\csr-bthfilt-1.0.0.370-x86.7z
2014-12-09 19:39 - 2014-12-11 22:47 - 00000000 ____D () C:\Users\MyEminence\Downloads\I Dont Need Sex (2012)
2014-12-09 18:41 - 2014-12-09 18:42 - 00254534 _____ () C:\Users\MyEminence\Documents\cc_20141209_184149.reg
2014-12-09 17:52 - 2014-12-09 17:52 - 03480040 _____ (McAfee, Inc.) C:\Users\MyEminence\Downloads\MCPR.exe
2014-12-09 17:52 - 2014-12-09 17:52 - 00985600 _____ () C:\Users\MyEminence\Downloads\MicrosoftFixit50842 (2).msi
2014-12-09 17:06 - 2014-12-09 17:06 - 00000000 ____D () C:\Users\MyEminence\Downloads\IN3BTH55WW5
2014-12-09 16:41 - 2014-12-09 16:41 - 00985600 _____ () C:\Users\MyEminence\Downloads\MicrosoftFixit50842 (1).msi
2014-12-09 16:40 - 2014-12-09 16:40 - 00985600 _____ () C:\Users\MyEminence\Downloads\MicrosoftFixit50842.msi
2014-12-09 01:28 - 2014-12-09 01:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_csrusb_01009.Wdf
2014-12-09 01:28 - 2014-12-09 01:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_CsrBtPort_01009.Wdf
2014-12-09 01:28 - 2014-12-09 01:28 - 00000000 ____D () C:\BluetoothExchangeFolder
2014-12-09 00:39 - 2014-12-09 00:49 - 53209368 _____ (Lenovo Group ) C:\Users\MyEminence\Downloads\IN3BTH55WW5.exe
2014-12-09 00:36 - 2014-12-09 00:36 - 00009404 _____ () C:\Users\MyEminence\Downloads\dellsystemdetect(1).application
2014-12-09 00:36 - 2014-12-09 00:36 - 00000000 ____D () C:\Users\MyEminence\AppData\Local\Apps\2.0
2014-12-09 00:35 - 2014-12-09 00:36 - 00000000 ____D () C:\Users\MyEminence\AppData\Local\Deployment
2014-12-09 00:35 - 2014-12-09 00:35 - 00417064 _____ () C:\Users\MyEminence\Downloads\DellSystemDetect.exe
2014-12-09 00:35 - 2014-12-09 00:35 - 00009404 _____ () C:\Users\MyEminence\Downloads\dellsystemdetect.application
2014-12-08 22:00 - 2014-12-08 22:00 - 00000000 ____D () C:\Users\MyEminence\Documents\Bluetooth Exchange Folder
2014-12-08 21:54 - 2014-12-08 21:54 - 00000000 ____D () C:\Program Files\DIFX
2014-12-08 21:51 - 2014-12-09 00:58 - 00015660 _____ () C:\Windows\DPINST.LOG
2014-12-08 21:50 - 2014-12-08 21:50 - 00000000 ____D () C:\Users\MyEminence\Downloads\Broadcom_Bluetooth_Driver_6.2.1.500
2014-12-08 21:40 - 2014-12-08 21:49 - 60531438 _____ () C:\Users\MyEminence\Downloads\Broadcom_Bluetooth_Driver_6.2.1.500.zip
2014-12-08 21:31 - 2014-12-08 21:33 - 04171576 _____ (Broadcom Corporation.) C:\Users\MyEminence\Downloads\SetupBtwDownloadSE.exe
2014-12-08 19:34 - 2014-12-08 19:35 - 12644232 _____ (Microsoft Corporation) C:\Users\MyEminence\Downloads\drvupdate-x86.exe
2014-12-08 19:24 - 2014-12-08 19:24 - 00178568 _____ () C:\Users\MyEminence\Downloads\Bluetooth-PC-Stacks.exe
2014-12-05 23:17 - 2014-12-05 23:36 - 00000000 ____D () C:\Users\MyEminence\AppData\Local\Faculty_of_Organization_a
2014-12-05 23:14 - 2014-12-05 23:34 - 00000000 ____D () C:\Program Files\Remoter for Windows
2014-12-04 21:50 - 2014-12-04 21:50 - 00000035 _____ () C:\Users\MyEminence\Documents\dmotion.txt
2014-12-02 20:09 - 2014-12-02 20:09 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-02 20:04 - 2014-12-13 21:47 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-02 19:21 - 2014-12-02 19:23 - 05006864 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-12-02 19:17 - 2014-12-02 19:20 - 00000017 _____ () C:\Users\MyEminence\Documents\couldnotbeloaded.txt
2014-12-02 19:17 - 2014-12-02 19:17 - 00000017 _____ () C:\Users\MyEminence\Documents\couldnotbeloadednero.txt
2014-12-02 16:46 - 2014-12-02 16:51 - 00000000 ____D () C:\Windows\pss
2014-12-02 15:54 - 2014-12-12 16:43 - 00162465 _____ () C:\Windows\Minidump\Mini121214-01.dmp
2014-12-02 15:54 - 2014-12-12 16:22 - 00158337 _____ () C:\Windows\DUMP3986.tmp
2014-12-02 15:54 - 2014-12-11 17:31 - 00162465 _____ () C:\Windows\Minidump\Mini121114-02.dmp
2014-12-02 15:54 - 2014-12-11 17:07 - 00158977 _____ () C:\Windows\Minidump\Mini121114-01.dmp
2014-12-02 15:54 - 2014-12-11 17:03 - 00162529 _____ () C:\Windows\DUMP3928.tmp
2014-12-02 15:54 - 2014-12-02 17:01 - 00154284 _____ () C:\Windows\Minidump\Mini120214-02.dmp
2014-12-02 15:54 - 2014-12-02 16:41 - 00154284 _____ () C:\Windows\Minidump\Mini120214-01.dmp
2014-12-01 22:21 - 2014-12-01 22:55 - 00000866 _____ () C:\Users\MyEminence\Documents\kickchat.txt
2014-12-01 22:01 - 2014-12-01 22:01 - 00000175 _____ () C:\Windows\system32\Drivers\aswSnx.sys.sum
2014-11-30 21:06 - 2014-11-30 21:06 - 00000212 _____ () C:\PowerDVD10.sim
2014-11-26 18:34 - 2014-11-26 18:34 - 00000000 ____D () C:\Users\MyEminence\Documents\freenote_export
2014-11-25 15:07 - 2014-11-25 15:20 - 00000175 _____ () C:\Users\MyEminence\Documents\password tried.txt
2014-11-24 23:44 - 2014-11-25 00:00 - 00000044 _____ () C:\Users\MyEminence\Documents\temposas.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 12:53 - 2009-04-11 20:38 - 02084365 _____ () C:\Windows\WindowsUpdate.log
2014-12-23 12:51 - 2011-04-29 22:45 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-23 12:51 - 2011-02-26 02:32 - 00000000 ____D () C:\Users\MyEminence\AppData\Roaming\BitTorrent
2014-12-23 12:49 - 2014-09-16 20:20 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-23 12:49 - 2013-11-26 17:45 - 00017488 _____ (Windows ® 2000 DDK provider) C:\Windows\gdrv.sys
2014-12-23 12:49 - 2013-11-26 17:14 - 00000145 _____ () C:\service.log
2014-12-23 12:49 - 2006-11-02 21:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-23 12:49 - 2006-11-02 20:46 - 00004928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-23 12:49 - 2006-11-02 20:46 - 00004928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 17:26 - 2012-02-24 18:43 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-12-22 17:26 - 2006-11-02 21:00 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-22 17:06 - 2006-11-02 18:33 - 00764992 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-22 17:05 - 2014-01-29 16:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-22 16:43 - 2011-12-04 11:22 - 00491636 _____ () C:\Windows\PFRO.log
2014-12-22 16:24 - 2014-11-09 20:28 - 00000000 ____D () C:\AdwCleaner
2014-12-22 06:29 - 2014-11-12 17:53 - 00002252 _____ () C:\Users\MyEminence\Desktop\Rkill.txt
2014-12-21 14:25 - 2014-09-21 06:01 - 00000000 ____D () C:\Users\MyEminence\Downloads\Jpop Funk
2014-12-21 14:25 - 2014-07-21 22:42 - 04619629 _____ () C:\Users\MyEminence\Downloads\BuXVIDS08E10.part2.rar
2014-12-21 14:25 - 2014-07-21 22:33 - 00000020 _____ () C:\Users\MyEminence\Downloads\BuXVIDS08E10.part1.rar
2014-12-21 14:25 - 2014-07-19 19:15 - 04873467 _____ () C:\Users\MyEminence\Downloads\BuXVIDS08E09.part2.rar
2014-12-21 14:25 - 2014-07-19 19:13 - 00000020 _____ () C:\Users\MyEminence\Downloads\BuXVIDS08E09.part1.rar
2014-12-21 14:25 - 2014-07-19 00:45 - 00000020 _____ () C:\Users\MyEminence\Downloads\BuXVIDS08E08.part1.rar
2014-12-21 14:25 - 2014-07-18 23:38 - 04442801 _____ () C:\Users\MyEminence\Downloads\BuXVIDS08E08.part2.rar
2014-12-20 18:27 - 2006-11-02 20:41 - 00000000 ____D () C:\Windows\WindowsMobile
2014-12-20 18:25 - 2011-04-02 17:26 - 00000000 ____D () C:\Users\MyEminence\Downloads\AV.Music.Morpher.Gold.v5.0.35.WinAll.Cracked-CRD
2014-12-20 18:25 - 2011-03-12 13:05 - 00000000 ____D () C:\Users\MyEminence\Downloads\Compressed
2014-12-20 18:25 - 2011-02-27 06:00 - 00000000 ____D () C:\Users\MyEminence\Downloads\2worlds
2014-12-20 12:45 - 2006-11-02 18:23 - 00000215 _____ () C:\Windows\system.ini
2014-12-19 06:51 - 2011-02-23 03:16 - 00000000 ____D () C:\Users\MyEminence\AppData\Roaming\vlc
2014-12-19 06:45 - 2011-02-28 01:36 - 00000000 ____D () C:\Program Files\mIRC
2014-12-19 02:15 - 2011-04-29 22:49 - 00001208 _____ () C:\Users\MyEminence\Desktop\My DAP Downloads.lnk
2014-12-15 13:08 - 2012-04-02 12:41 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-15 12:38 - 2009-07-11 06:00 - 00000000 ____D () C:\Users\watta
2014-12-15 12:38 - 2006-11-02 19:18 - 00000000 __RHD () C:\Users\Default
2014-12-15 12:38 - 2006-11-02 19:18 - 00000000 ___RD () C:\Users\Public
2014-12-15 11:58 - 2008-01-23 01:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-15 11:57 - 2011-02-23 03:28 - 00000000 ____D () C:\Program Files\Unlocker
2014-12-15 11:50 - 2008-01-23 02:02 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-14 23:44 - 2011-04-08 00:41 - 00000155 _____ () C:\Windows\NeroDigital.ini
2014-12-14 23:21 - 2009-07-29 07:29 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Adobe
2014-12-13 23:29 - 2014-11-12 17:53 - 00000000 ____D () C:\Users\MyEminence\Desktop\rkill
2014-12-13 22:47 - 2011-02-23 03:33 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-12-13 22:36 - 2011-02-23 03:35 - 00000000 ____D () C:\Users\MyEminence\AppData\Roaming\Malwarebytes
2014-12-13 22:36 - 2011-02-23 03:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-13 22:05 - 2011-02-21 13:52 - 00002032 _____ () C:\Users\MyEminence\AppData\Local\d3d9caps.dat
2014-12-13 13:51 - 2014-01-29 17:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-13 13:51 - 2011-08-16 17:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox2
2014-12-12 17:17 - 2014-10-28 03:15 - 00017090 _____ () C:\Windows\setupact.log
2014-12-12 17:17 - 2006-11-02 19:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-12 16:44 - 2011-03-12 13:43 - 00000000 ____D () C:\Windows\Minidump
2014-12-12 16:41 - 2011-02-21 13:52 - 00000000 ____D () C:\Users\MyEminence
2014-12-12 06:10 - 2014-09-16 20:28 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 23:02 - 2011-02-25 10:44 - 00070656 _____ () C:\Users\MyEminence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-11 21:07 - 2009-07-29 03:04 - 00000000 ____D () C:\Program Files\SMART BRO
2014-12-11 17:49 - 2014-10-28 03:15 - 00000071 _____ () C:\Windows\setuperr.log
2014-12-11 17:43 - 2013-11-24 16:26 - 00000000 ____D () C:\po
2014-12-10 23:05 - 2014-01-29 16:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-10 23:05 - 2014-01-29 16:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 18:00 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\system32\config\Journal
2014-12-09 16:58 - 2011-03-12 14:42 - 00001846 _____ () C:\Windows\Sandboxie.ini
2014-12-09 01:24 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-12-09 01:24 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-12-09 01:24 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-12-09 01:24 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-12-08 19:44 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-12-02 18:13 - 2006-11-02 18:23 - 00002577 _____ () C:\Windows\system32\config.nt
2014-11-26 19:43 - 2009-07-08 04:35 - 00000000 ____D () C:\Windows\system32\directx
2014-11-24 01:36 - 2014-11-21 00:30 - 00000000 ____D () C:\Users\MyEminence\AppData\Roaming\REngLauncher

Some content of TEMP:
====================
C:\Users\MyEminence\AppData\Local\temp\Quarantine.exe
C:\Users\MyEminence\AppData\Local\temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-22 17:10

==================== End Of Log ============================

 

------------------------------------------------------------------------------------------------------

Addition.txt

------------------------------------------------------------------------------------------------------

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2014 01
Ran by MyEminence at 2014-12-23 12:53:55
Running from C:\Users\MyEminence\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2d3 SteadyMove Pro (HKLM\...\{2BF4F570-038D-45F1-8CD3-B0134B345BB3}) (Version: 1.21.6220 - 2d3 Ltd)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Accent RAR Password Recovery (HKLM\...\{994D4DFE-FC8C-4039-A493-5B94E4143B1C}) (Version: 3.2.48.3188 - Passcovery Co. Ltd.)
Adobe After Effects CS4 Third Party Content (HKLM\...\Adobe_5aab5a491a3a52ae624fd639f6aaa95) (Version: 9 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Creative Suite 4 Production Premium (HKLM\...\Adobe_0a572e121e19f0f54d2d23782236e1b) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Production Premium (HKLM\...\Adobe_36ac9dc8c9a94feb9e5886810012e78) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Production Premium (HKLM\...\Adobe_83e762451b5cf1655cb11b0be8ae31a) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Media Encoder CS4 Exporter (HKLM\...\Adobe_5eba9bbdf1514a06b1a4c79a2920188) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader 9.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Advanced Archive Password Recovery (HKU\S-1-5-21-185903628-1420016957-2107898834-1000\...\Advanced Archive Password Recovery) (Version: 4.53 - ElcomSoft Co. Ltd.)
Anvil Studio 2011 (HKLM\...\{9E3D3F0B-D447-44DA-9204-2CA004A4133E}) (Version: 11.02.12 - Willow Software)
Any Video Converter 3.2.3 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
ASRock InstantBoot v1.23 (HKLM\...\ASRock InstantBoot_is1) (Version:  - )
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.51 - Atheros Communications Inc.)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AV Music Morpher Gold (HKLM\...\AV Music Morpher Gold) (Version:  - )
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Belkin Setup and Router Monitor (HKLM\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.1.4 - Belkin International, Inc.)
BitTorrent (HKLM\...\BitTorrent) (Version: 7.2.1 - )
Blade and Soul (HKLM\...\{CEF766E5-6E15-441F-B14A-C44CB168DBE7}) (Version: 1.0.0 - PlayBns.com)
Boris Continuum Complete 7 Adobe CS3 CS4 (HKLM\...\{B8CB8785-3E0E-41AB-B201-6FFE6D9FF3CC}) (Version: 7.00.1000 - Boris FX, Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Cedocida DV Codec (HKLM\...\cedocida) (Version:  - )
Cheat Engine 6.0 (HKLM\...\Cheat Engine 6.0_is1) (Version:  - Dark Byte)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CPUID CPU-Z 1.57 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1705 - CyberLink Corp.)
Debugging Tools for Windows (x86) (HKLM\...\{300A2961-B2B5-4889-9CB9-5C2A570D08AD}) (Version: 6.11.1.404 - Microsoft Corporation)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
DMIView B8.0717.01 (HKLM\...\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}) (Version: 1.4 - Gigabyte)
Download Accelerator Plus (DAP) (HKLM\...\Download Accelerator Plus (DAP)) (Version: 9607 (Build 2134) - Speedbit Ltd.)
E.M. Youtube Video Download Tool 3.15 (HKLM\...\E.M. Youtube Video Download Tool_is1) (Version:  - EffectMatrix, Inc.)
EasySaver B9.0904.1  (HKLM\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Foxit Reader (HKLM\...\Foxit Reader) (Version: 4.3.1.118 - Foxit Corporation)
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
Freez FLV to MP3 Converter (HKLM\...\Freez FLV to MP3 Converter v1.5_is1) (Version: 1.5 - www.smallvideosoft.com)
Futuremark SystemInfo (HKLM\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.2.0 - Futuremark Corporation)
GenArts Monsters GT V6 for After Effects CS4 (HKLM\...\{BC0F92C4-4F1C-475E-9FAE-B26A54BC0852}_is1) (Version:  - GenArts, Inc.)
GenArts Sapphire Plug-ins 5.0 for After Effects and Compatible  (HKLM\...\GenArts Sapphire AE_is1) (Version:  - )
GenArts Sapphire RLM Server 8.0.5.1 (HKLM\...\GenArts Reprise License Manager Server_is1) (Version:  - )
Globe Broadband (HKLM\...\Globe Broadband) (Version: 11.300.05.20.158 - Huawei Technologies Co.,Ltd)
Globe Tattoo Broadband (HKLM\...\Globe Tattoo Broadband) (Version: 23.009.09.01.158 - Huawei Technologies Co.,Ltd)
Gmask 1.70 English (HKLM\...\Gmask 1.70 English) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPU Caps Viewer v1.8.2 (HKLM\...\GPU Caps Viewer_is1) (Version:  - oZone3D.Net)
HandBrake 0.9.5 (HKLM\...\HandBrake) (Version: 0.9.5 - )
HWiNFO32 Version 3.84 (HKLM\...\HWiNFO32_is1) (Version: 3.84 - Martin Malík - REALiX)
Instant HD (HKLM\...\Instant HD) (Version:  - )
Instant HD Advanced (HKLM\...\Instant HD Advanced) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java™ 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
JDownloader (HKLM\...\JDownloader) (Version:  - AppWork UG (haftungsbeschränkt))
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Lagarith Lossless Codec (1.3.21) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LightScribe  1.4.124.1 (Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mega Manager (HKLM\...\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}) (Version: 3.5.1.0 - Megaupload Limited)
Mega Manager (Version: 3.5.1.0 - Megaupload Limited) Hidden
MegaTrainer eXperience V1.0.3.6 (HKLM\...\MegaTrainer eXperience_is1) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM\...\{4D243BA7-9AC4-46D1-90E5-EEB88974F501}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MKVcleaver (HKLM\...\{5BAEAA63-8C55-4571-B0FE-695299835907}) (Version: 5.0.3 - MKVcleaver)
MKVtoolnix 2.5.1 (HKLM\...\MKVtoolnix) (Version: 2.5.1 - Moritz Bunkus)
mocha Pro V2.5.2-3520 (HKLM\...\{B7D4740D-02F7-4D53-A50F-7D6ED4BAA54A}) (Version: 2.52.3520 - Imagineer Systems)
MotioninJoy ds3 driver version 0.6.0005 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.6.00005 - www.motioninjoy.com)
Mozilla Firefox (3.6.24) (HKLM\...\Mozilla Firefox (3.6.24)) (Version: 3.6.24 (en-US) - Mozilla)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-185903628-1420016957-2107898834-1000\...\MyFreeCodec) (Version:  - )
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM\...\TkFSVVRPU0hJUFBVREVOVWx0aW1hdGVOaW5qYVNUT1JNM0Z1~D4302771_is1) (Version: 1 - )
NCsoft Launcher (HKLM\...\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}) (Version: 1.5.19002 - NCsoft)
Nero 7 Essentials (HKLM\...\{874AF83E-1BF6-4F2B-9086-BF62BDAE1033}) (Version: 7.02.5608 - Nero AG)
Neverwinter Nights 2 (HKLM\...\{F20C1251-1D0A-4944-B2AE-678581B33B19}) (Version: 1.00.0000 - Obsidian)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Performance (HKLM\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
ON_OFF Charge B11.0110.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Opera Stable 18.0.1284.68 (HKLM\...\Opera 18.0.1284.68) (Version: 18.0.1284.68 - Opera Software ASA)
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r3878) (Version:  - )
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r4600) (Version:  - )
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r5350) (Version:  - )
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r5875) (Version:  - )
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photomatix Pro version 5.0.4 (HKLM\...\PhotomatixPro5x32_is1) (Version: 5.0.4 - HDRsoft Ltd)
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
PianoFX STUDIO 4.0 (HKLM\...\PianoFX STUDIO 4.0_is1) (Version: 4.0 - Tanseon Systems)
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
Primatte Keyer Pro 4.0 (HKLM\...\Primatte Keyer Pro 4.0) (Version:  - )
Q-Share Ver.1.2 (HKLM\...\{F308B531-AB20-4A79-8F5E-83071FE5BE60}) (Version: 1.2 - GIGABYTE)
RAR Password Recovery Professional  (HKLM\...\RAR Password Recovery Professional) (Version:  - SmartKey, Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)
RESIDENT EVIL 5 (HKLM\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
Resident Evil 6 (HKLM\...\Resident Evil 6_is1) (Version: Resident Evil 6 - )
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 3.52 (HKLM\...\Sandboxie) (Version:  - )
SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)
SMART BRO (HKLM\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE)
SmartCam -- Smart Phone Camera (HKLM\...\SmartCam) (Version: 1.4 - Ionut Dediu)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Sun Broadband Hotspot (HKLM\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
Sun Broadband Wireless (HKLM\...\Sun Broadband Wireless) (Version: 16.001.06.04.256 - Huawei Technologies Co.,Ltd)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.49.1000 - SUPERAntiSpyware.com)
System Requirements Lab (HKLM\...\{0A3A9522-EFA2-4C56-9138-101692C2A130}) (Version: 4.4.26.0 - Husdawg, LLC)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab CYRI (HKLM\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)
Tattoo (HKLM\...\Tattoo) (Version: 1.09.00.158 - Huawei Technologies Co.,Ltd)
TechPowerUp GPU-Z (HKLM\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Elder Scrolls V: SKYRIM (HKLM\...\The Elder Scrolls V: SKYRIM_is1) (Version: 1.1.21.0 - Bethesda Softworks)
The Elder Scrolls V: SKYRIM Update 1 + Crack (HKLM\...\The Elder Scrolls V: SKYRIM Update 1 + Crack_is1) (Version:  - )
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.615 - Electronic Arts)
Torchlight (HKLM\...\Runic Games Torchlight) (Version: 0.0.66.192 - )
Total Video Converter 3.71 100812 (HKLM\...\Total Video Converter 3.71_is1) (Version:  - EffectMatrix Inc.)
Trapcode Form (HKLM\...\Trapcode Form) (Version:  - )
Trapcode Lux (HKLM\...\Trapcode Lux) (Version:  - )
Trapcode Particular v2 (HKLM\...\Trapcode Particular v2) (Version:  - )
Trapcode Shine (HKLM\...\Trapcode Shine) (Version:  - )
Trapcode Starglow (HKLM\...\Trapcode Starglow) (Version:  - )
Ultimate Extras sounds from Microsoft® Tinker™ (HKLM\...\UltSounds2) (Version:  - Microsoft Corporation)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Video Enhancer 1.9.6 (HKLM\...\Video Enhancer_is1) (Version:  - Infognition Co. Ltd.)
Video Mover (HKLM\...\Video Mover_is1) (Version:  - )
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VirtualDub Filter Pack 1.0 (HKLM\...\VirtualDub Filter Pack_is1) (Version:  - Dee Mon)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Sound Schemes (HKLM\...\UltSounds) (Version:  - Microsoft Corporation)
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.0) (Version: 1.3.0 - Xvid Team)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

20-12-2014 18:15:44 Scheduled Checkpoint
22-12-2014 07:34:01 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 18:23 - 2014-12-15 12:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A36E0FD-B1E4-442F-8EF7-C5CB188707A6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {1BA01890-A006-4775-96D9-9C006CD61725} - System32\Tasks\SBWUpdateTask_Logon_603d724b-001E101FB681 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2011-04-29] (Speedbit Ltd.)
Task: {2C0E4495-15D7-4064-AEB7-F7D61513256B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-16] (Google Inc.)
Task: {6E42AC87-77E7-4CF2-8A71-7D5E69C28853} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-26] (Piriform Ltd)
Task: {6FCB3434-D68F-4C69-9BA6-FDD2E72CFD3C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-16] (Google Inc.)
Task: {A2F28C6B-05CA-429D-9D09-CC8CC3EDC022} - System32\Tasks\{3876CA48-1F70-41FC-89DE-1217DDFAF0B1} => pcalua.exe -a "C:\Program Files\Hotspot Shield\Uninstall.exe"
Task: {A849459B-C5B4-4F43-90A1-A0BFBE3D7031} - System32\Tasks\SBWUpdateTask_Time_603d724b-001E101FB681 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2011-04-29] (Speedbit Ltd.)
Task: {AADB290B-405E-4545-8B82-37DB1CDA91B8} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - MyEminence => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {B06B490A-A2C7-4FE1-8614-73244FFB24D6} - System32\Tasks\SBWUpdateTask_Time_603d724b-74D435355476 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2011-04-29] (Speedbit Ltd.)
Task: {BE2DD90B-C189-4623-BF7B-23C85EE68627} - System32\Tasks\SBWUpdateTask_Time_603d724b-0025222896A8 => C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe [2011-04-29] (Speedbit Ltd.)
Task: {CF965BB5-C33F-4E2F-B8A7-C2D8CD4AFD11} - System32\Tasks\SBWUpdateTask_Logon_603d724b-0025222896A8 => C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe [2011-04-29] (Speedbit Ltd.)
Task: {E7EE2155-7D72-4669-BBB4-6F2BB6426738} - System32\Tasks\SBWUpdateTask_Logon_603d724b-74D435355476 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2011-04-29] (Speedbit Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-24 16:54 - 2011-04-19 16:29 - 00152576 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
2013-11-24 16:54 - 2010-02-09 15:55 - 00049152 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
2013-11-26 17:14 - 2009-08-24 14:38 - 00068136 _____ () C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
2013-11-26 17:14 - 2009-03-13 11:30 - 00109096 _____ () C:\Program Files\Gigabyte\EasySaver\YCC.DLL
2011-05-16 16:37 - 2010-06-04 14:09 - 00704512 _____ () C:\Program Files\GenArts\Monsters-AE\bin\FlowFinder3MonstersAE32.exe
2011-05-16 16:37 - 2008-07-16 13:35 - 00192512 _____ () C:\Program Files\GenArts\Monsters-AE\bin\cudart.dll
2013-12-09 15:09 - 2012-11-12 13:59 - 00657504 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
2013-12-09 15:09 - 2009-01-11 02:32 - 00011362 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\mingwm10.dll
2013-12-09 15:09 - 2009-06-23 10:42 - 00043008 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\libgcc_s_dw2-1.dll
2013-12-09 15:09 - 2012-10-31 17:11 - 02417152 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QtCore4.dll
2013-12-09 15:09 - 2012-10-31 17:14 - 01148416 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QtNetwork4.dll
2013-12-09 15:09 - 2012-11-12 11:48 - 00843264 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QueryStrategy.dll
2013-12-09 15:09 - 2012-10-31 17:11 - 00398336 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QtXml4.dll
2011-03-14 23:27 - 2011-03-14 23:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2011-05-16 16:37 - 2010-06-08 19:39 - 00393216 _____ () C:\Program Files\GenArts\Monsters-AE\bin\JawsServerAE.exe
2011-05-16 16:37 - 2005-11-04 17:40 - 01351680 _____ () C:\Program Files\GenArts\Monsters-AE\bin\jawsnt.dll
2009-07-29 03:04 - 2011-06-24 11:49 - 00269648 _____ () C:\Program Files\SMART BRO\AssistantServices.exe
2010-07-05 05:32 - 2010-07-05 05:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-11-24 16:54 - 2011-04-19 16:29 - 00132608 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2014-12-13 22:00 - 2014-12-13 22:00 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-04-29 22:44 - 2011-04-29 22:44 - 00053248 _____ () C:\Program Files\DAP\zlib.dll
2011-04-29 22:44 - 2011-04-29 22:44 - 00084480 _____ () C:\Windows\system32\EasyHook32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42459759.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70585251.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\76530116.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42459759.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\70585251.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\76530116.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AffinegyService => 2
MSCONFIG\Services: Belkin Local Backup Service => 2
MSCONFIG\Services: Belkin Network USB Helper => 2
MSCONFIG\Services: ES lite Service => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FlowFinder3MonstersAE32 => 2
MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: Globe Tattoo Broadband. RunOuc => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HWDeviceService.exe => 2
MSCONFIG\Services: InCDsrv => 2
MSCONFIG\Services: JawsServerAE => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NBService => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: nTuneService => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RLM-GenArts => 3
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: UI Assistant Service => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BDRegion => C:\Program Files\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: BitTorrent => "C:\Program Files\BitTorrent\BitTorrent.exe"
MSCONFIG\startupreg: CheckNDISPort_df => C:\Program Files\Hotspot\Sun Broadband\CheckNDISPort_df.exe
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: DownloadAccelerator => "C:\Program Files\DAP\DAP.EXE" /STARTUP
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: InCD => C:\Program Files\Nero\Nero 7\InCD\InCD.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Mega Manager => C:\Program Files\Megaupload\Mega Manager\MegaManager.exe /Tray
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: Remoter => C:\Users\MyEminence\Downloads\Jpop Funk\RemoterServer\RemoterServer\RemoterServer.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: SecurDisc => C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: UIExec => "C:\Program Files\SMART BRO\UIExec.exe"
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: Windows Mobile-based device management => %WINDIR%\WindowsMobile\wmdcBase.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-185903628-1420016957-2107898834-500 - Administrator - Disabled)
Guest (S-1-5-21-185903628-1420016957-2107898834-501 - Limited - Disabled)
Marcus (S-1-5-21-185903628-1420016957-2107898834-1001 - Administrator - Enabled) => C:\Users\Marcus
MyEminence (S-1-5-21-185903628-1420016957-2107898834-1000 - Administrator - Enabled) => C:\Users\MyEminence
Stempo (S-1-5-21-185903628-1420016957-2107898834-1005 - Administrator - Enabled)
Tempo (S-1-5-21-185903628-1420016957-2107898834-1004 - Administrator - Enabled) => C:\Users\Tempo

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/23/2014 00:49:35 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (12/23/2014 00:43:14 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (12/23/2014 00:43:03 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (12/22/2014 05:28:56 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (12/22/2014 05:28:45 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (12/22/2014 05:06:55 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

System errors:
=============
Error: (12/23/2014 00:50:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt

Error: (12/23/2014 00:50:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Globe Tattoo Broadband. OUC%%1053

Error: (12/23/2014 00:50:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Globe Tattoo Broadband. OUC

Error: (12/23/2014 00:50:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: CSR Bluetooth Service%%3

Error: (12/23/2014 00:50:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: CSR OBEX Service%%3

Error: (12/23/2014 00:44:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: AppleCharger
ElbyCDIO
HWiNFO32
i8042prt
SASDIFSV
SASKUTIL
spldr
Wanarpv6

Error: (12/23/2014 00:44:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer BrowserServer%%1068

Error: (12/23/2014 00:44:03 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.2.8 for the Network Card with network address 74D435355476 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (12/23/2014 00:43:22 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/23/2014 00:43:22 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Microsoft Office Sessions:
=========================
Error: (12/23/2014 00:49:35 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001

Error: (12/23/2014 00:43:14 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (12/23/2014 00:43:03 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001

Error: (12/22/2014 05:28:56 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (12/22/2014 05:28:45 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001

Error: (12/22/2014 05:06:55 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001

CodeIntegrity Errors:
===================================
  Date: 2014-12-23 12:53:36.643
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-23 12:53:36.585
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-23 12:53:36.525
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-23 12:53:36.472
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-23 12:49:31.255
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-22 17:02:34.020
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-22 17:02:33.954
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-22 16:43:51.738
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-22 14:57:53.438
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-22 14:57:53.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 45%
Total physical RAM: 2045.77 MB
Available physical RAM: 1116.41 MB
Total Pagefile: 7995 MB
Available Pagefile: 6840.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:169.41 GB) (Free:6.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Fixed) (Total:63.48 GB) (Free:9.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 972CEA52)
Partition 1: (Active) - (Size=63.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=169.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#8
henrymills
Posted 08 January 2015 - 12:30 AM

henrymills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Zep516 please help me again Im sorry if i offended you using rescue disk.


Edited by henrymills, 09 January 2015 - 06:57 AM.

  • 0

#9
zep516
Posted 09 January 2015 - 05:58 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Henrymills,

I have overlooked you. I'll be with you momentarily with instructions.

Thanks
Joe
  • 0

#10
zep516
Posted 10 January 2015 - 12:22 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Henrymills.

Please delete your copy of FRST64 from the desktop, delete any FRST.txt and Additoins.txt logs.

Then
Please Re- download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
In your next reply post:
  • FRST.txt
  • Additions.txt
Thanks
Joe :)
  • 0

Advertisements

#11
henrymills
Posted 11 January 2015 - 09:36 AM

henrymills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

------------------------------------------------------------------------------------------------------

FRST.txt

------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-01-2015
Ran by MyEminence (administrator) on ME-PC on 11-01-2015 22:47:41
Running from C:\Users\MyEminence\Desktop
Loaded Profile: MyEminence (Available profiles: MyEminence & Marcus & Tempo)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
() C:\Program Files\Gigabyte\EasySaver\essvr.exe
() C:\Program Files\GenArts\Monsters-AE\bin\FlowFinder3MonstersAE32.exe
() C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Nero AG) C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
() C:\Program Files\GenArts\Monsters-AE\bin\JawsServerAE.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files\SMART BRO\AssistantServices.exe
(Speedbit Ltd.) C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(SpeedBit Ltd.) C:\Program Files\DAP\DAP.exe
(BitTorrent, Inc.) C:\Program Files\BitTorrent\BitTorrent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-13] (AVAST Software)
HKU\S-1-5-21-185903628-1420016957-2107898834-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-185903628-1420016957-2107898834-1000\...\Run: [PlayNC Launcher] => [X]
HKU\S-1-5-21-185903628-1420016957-2107898834-1000\...\Run: [DownloadAccelerator] => C:\Program Files\DAP\DAP.EXE [2918576 2011-04-29] (SpeedBit Ltd.)
HKU\S-1-5-21-185903628-1420016957-2107898834-1000\...\Run: [BitTorrent] => C:\Program Files\BitTorrent\BitTorrent.exe [400760 2011-04-29] (BitTorrent, Inc.)
HKU\S-1-5-18\...\Run: [Mobile Partner] => C:\Program Files\Tattoo\Tattoo
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-185903628-1420016957-2107898834-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-185903628-1420016957-2107898834-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-185903628-1420016957-2107898834-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ph/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: IeMonitorBho Class -> {bf00e119-21a3-4fd1-b178-3b8537e75c92} -> C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
BHO: Download Accelerator Plus Integration -> {FF6C3CF0-4B15-11D1-ABED-709549C10000} -> C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} http://clients.futur...y/FMSI_v420.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\2isryo5x.jamocha
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\ywjnhiw1.default\searchplugins\speedbit.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: DownloadHelper - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\ywjnhiw1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-08-16]
FF Extension: Mega Manager Integration - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\k4aolroc.Witchever\Extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6} [2011-11-18]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\pmw0ypsj.noSa\Extensions\[email protected] [2011-12-05]
FF Extension: Adblock Plus - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\pmw0ypsj.noSa\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011-12-05]
FF Extension: Flash Video Downloader - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\wzlrxbcq.MOCHACHO\Extensions\[email protected] [2014-01-29]
FF Extension: DownloadHelper - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\wzlrxbcq.MOCHACHO\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-12-17]
FF Extension: ProxTube - Unblock YouTube - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\7h9u3pwa.AllyEml\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} [2014-02-04]
FF Extension: DownloadHelper - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\7h9u3pwa.AllyEml\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-12]
FF Extension: anonymoX - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\7h9u3pwa.AllyEml\Extensions\[email protected] [2014-02-04]
FF Extension: Stealthy - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\7h9u3pwa.AllyEml\Extensions\[email protected] [2014-02-04]
FF Extension: DownThemAll! - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\7h9u3pwa.AllyEml\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-04-12]
FF Extension: DownloadHelper - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\yt7spcd8.Serpindor\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-28]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\2isryo5x.jamocha\Extensions\[email protected] [2014-12-13]
FF Extension: DownloadHelper - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\2isryo5x.jamocha\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
FF Extension: No Name - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\2isryo5x.jamocha\Extensions\[email protected] [2014-10-28]
FF Extension: ProxTube - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\2isryo5x.jamocha\Extensions\[email protected] [2014-09-30]
FF Extension: Download YouTube Videos as MP4 - C:\Users\MyEminence\AppData\Roaming\Mozilla\Firefox\Profiles\2isryo5x.jamocha\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-10-26]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-08-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2012-01-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-26]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-13]
FF HKU\S-1-5-21-185903628-1420016957-2107898834-1000\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files\DAP\DAPFireFox [2011-04-29]
FF HKU\S-1-5-21-185903628-1420016957-2107898834-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\MyEminence\AppData\Roaming\IDM\idmmzcc3
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox2\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-16]
CHR Extension: (Google Docs) - C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-16]
CHR Extension: (Google Drive) - C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-16]
CHR Extension: (YouTube) - C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-16]
CHR Extension: (Google Search) - C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-16]
CHR Extension: (Google Sheets) - C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-16]
CHR Extension: (Avast Online Security) - C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-22]
CHR Extension: (Google Wallet) - C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-16]
CHR Extension: (Gmail) - C:\Users\MyEminence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-13]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [562592 2011-05-27] (Affinegy, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152576 2011-04-19] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] () [File not signed]
R2 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 FlowFinder3MonstersAE32; C:\Program Files\GenArts\Monsters-AE\bin\FlowFinder3MonstersAE32.exe [704512 2010-06-04] () [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [130976 2011-08-15] (Futuremark Corporation)
S2 Globe Tattoo Broadband. RunOuc; C:\Program Files\Globe Tattoo Broadband\UpdateDog\ouc.exe [657504 2012-11-12] ()
R2 HFGService; C:\Windows\System32\HFGService.dll [411136 2007-08-14] (CSR, plc)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [924160 2007-02-12] (Nero AG) [File not signed]
R2 JawsServerAE; C:\Program Files\GenArts\Monsters-AE\bin\JawsServerAE.exe [393216 2010-06-08] () [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [192832 2011-09-19] (NVIDIA)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
S3 RLM-GenArts; C:\Program Files\GenArts\rlm\rlm.exe [1540096 2010-06-03] (Reprise Software Inc.) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [69864 2011-01-12] (SANDBOXIE L.T.D)
R2 UI Assistant Service; C:\Program Files\SMART BRO\AssistantServices.exe [269648 2011-06-24] ()
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 CsrBtOBEXService; "C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe" [X]
S2 CsrBtService; "C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [18544 2011-01-10] ()
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
S3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [48128 2010-12-22] (Cambridge Silicon Radio Limited)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R3 gdrv; C:\Windows\gdrv.sys [17488 2015-01-11] (Windows ® 2000 DDK provider)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [96000 2012-08-20] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70272 2012-10-29] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-08-20] (Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\Program Files\HWiNFO32\HWiNFO32.SYS [20216 2011-05-22] (REALiX™)
R4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [112384 2007-02-12] (Nero AG) [File not signed]
R1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [31360 2007-02-12] (Nero AG) [File not signed]
U1 InCDrec; C:\Windows\system32\Drivers\InCDrec.sys [10624 2007-02-12] (Nero AG) [File not signed]
R1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [33792 2007-02-12] (Nero AG) [File not signed]
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [68208 2011-03-23] (Atheros Communications, Inc.)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2011-03-26] (MBB Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-18] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-11] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [125672 2011-01-12] (SANDBOXIE L.T.D)
R0 speedfan; C:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows ® 2000 DDK provider) [File not signed]
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-06-16] (DEVGURU Co., LTD.(www.devguru.co.kr))
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [247320 2009-06-22] (silex technology, Inc.)
S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [107776 2011-03-26] (ZTE Incorporated)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-04-02] (CyberLink Corp.)
S3 BthAudioHF; system32\DRIVERS\BthAudioHF.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\Users\MYEMIN~1\AppData\Local\Temp\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 CsrBtPort; system32\DRIVERS\CsrBtPort.sys [X]
S3 csrusb; System32\Drivers\csrusb.sys [X]
S3 GPU-Z; \??\C:\Users\MYEMIN~1\AppData\Local\Temp\GPU-Z.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2099-12-15 19:44 - 2011-02-17 13:24 - 00000000 ____D () C:\Windows\system32\Plugins
2015-01-11 22:47 - 2015-01-11 22:48 - 00021413 _____ () C:\Users\MyEminence\Desktop\FRST.txt
2015-01-11 22:40 - 2015-01-11 22:39 - 01115648 _____ (Farbar) C:\Users\MyEminence\Desktop\FRST.exe
2015-01-11 22:39 - 2015-01-11 22:39 - 01115648 _____ (Farbar) C:\Users\MyEminence\Downloads\FRST (1).exe
2015-01-11 22:38 - 2015-01-11 22:38 - 00000000 ____D () C:\Users\MyEminence\Documents\FRST Farbar Recovery Logs Backup
2015-01-01 23:01 - 2015-01-01 23:31 - 00000000 ____D () C:\NewYear
2014-12-23 12:52 - 2015-01-11 22:47 - 00000000 ____D () C:\FRST
2014-12-23 12:47 - 2014-12-23 12:47 - 01114112 _____ (Farbar) C:\Users\MyEminence\Downloads\FRST.exe
2014-12-22 16:55 - 2014-12-22 16:55 - 00001809 _____ () C:\Users\MyEminence\Desktop\JRT.txt
2014-12-22 16:49 - 2014-12-22 16:49 - 00000000 ____D () C:\Windows\ERUNT
2014-12-22 15:41 - 2014-12-22 17:23 - 00000000 ____D () C:\Users\MyEminence\Downloads\Logans
2014-12-22 14:20 - 2014-12-22 14:20 - 00007565 _____ () C:\kaspersky
2014-12-22 14:06 - 2014-12-22 14:07 - 02173952 _____ () C:\Users\MyEminence\Downloads\AdwCleaner.exe
2014-12-22 14:05 - 2014-12-22 14:07 - 01707646 _____ (Thisisu) C:\Users\MyEminence\Downloads\JRT.exe
2014-12-22 14:03 - 2014-12-22 14:04 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\MyEminence\Downloads\tdsskiller.exe
2014-12-22 13:45 - 2014-12-22 13:45 - 00380416 _____ () C:\Users\MyEminence\Downloads\mkrz8xj8.exe
2014-12-20 18:23 - 2014-12-20 18:23 - 00003789 _____ () C:\Users\MyEminence\Documents\Mbam2.txt
2014-12-20 18:21 - 2014-12-20 18:35 - 00003401 _____ () C:\Users\MyEminence\Documents\Mbam.txt
2014-12-20 12:48 - 2014-12-20 12:48 - 00026227 _____ () C:\ComboFix.txt
2014-12-19 07:10 - 2014-12-19 07:24 - 00001230 _____ () C:\Users\MyEminence\Documents\antivirus.txt
2014-12-19 02:43 - 2014-12-19 02:43 - 00070932 _____ () C:\Users\MyEminence\Downloads\Extras.Txt
2014-12-19 02:40 - 2014-12-19 02:46 - 00117316 _____ () C:\Users\MyEminence\Downloads\OTL.Txt
2014-12-19 02:15 - 2014-12-19 02:15 - 00602112 _____ (OldTimer Tools) C:\Users\MyEminence\Downloads\OTL.exe
2014-12-15 11:59 - 2014-12-15 00:44 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Marcus\Downloads\tdsskiller (1).exe
2014-12-15 11:56 - 2014-12-15 12:01 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-15 11:51 - 2014-12-15 11:51 - 00000680 _____ () C:\Users\Marcus\AppData\Local\d3d9caps.dat
2014-12-15 11:40 - 2014-12-15 11:40 - 00000000 ____D () C:\Users\Marcus\AppData\Local\NVIDIA
2014-12-14 23:44 - 2014-12-14 23:46 - 00004608 _____ () C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-14 23:44 - 2014-12-14 23:44 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\DivX
2014-12-14 23:21 - 2014-12-15 12:02 - 00002800 _____ () C:\Users\Marcus\Desktop\Rkill.txt
2014-12-14 23:21 - 2014-12-14 23:21 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Adobe
2014-12-14 23:19 - 2014-12-14 23:19 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\AVAST Software
2014-12-14 23:18 - 2014-12-14 23:25 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\BitTorrent
2014-12-14 23:18 - 2014-12-14 23:18 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Google
2014-12-14 07:55 - 2014-12-20 12:48 - 00000000 ____D () C:\Qoobox
2014-12-14 07:55 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-14 07:55 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-14 07:55 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-14 07:55 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-14 07:55 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-14 07:55 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-14 07:55 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-14 07:55 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-14 07:54 - 2014-12-15 12:35 - 00000000 ____D () C:\Windows\erdnt
2014-12-14 00:23 - 2014-12-14 00:23 - 00000020 ___SH () C:\Users\Tempo\ntuser.ini
2014-12-14 00:23 - 2014-12-14 00:23 - 00000000 ____D () C:\Users\Tempo
2014-12-14 00:23 - 2011-05-16 16:01 - 00000000 ____D () C:\Users\Tempo\Documents\DE_DeliriumWin32
2014-12-14 00:23 - 2008-01-21 10:41 - 00000000 ___RD () C:\Users\Tempo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-14 00:23 - 2008-01-21 10:41 - 00000000 ___RD () C:\Users\Tempo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-14 00:12 - 2014-12-14 00:12 - 00688992 _____ (Swearware) C:\Users\MyEminence\Downloads\dds.scr.dap
2014-12-13 23:59 - 2014-12-13 23:59 - 00380416 _____ () C:\Users\MyEminence\Downloads\12euwm1j.exe
2014-12-13 23:58 - 2014-12-13 23:59 - 05600944 ____R (Swearware) C:\Users\MyEminence\Downloads\ComboFix.exe
2014-12-13 23:58 - 2014-12-13 23:58 - 00094976 _____ () C:\Users\MyEminence\Downloads\0khxlufy.exe.dap
2014-12-13 22:49 - 2014-12-13 22:49 - 00000000 ____D () C:\Users\MyEminence\AppData\Roaming\AVAST Software
2014-12-13 22:36 - 2014-12-14 07:51 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-13 22:36 - 2014-12-14 07:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-13 22:36 - 2014-12-14 07:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-13 22:36 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-13 22:27 - 2015-01-01 22:55 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-13 22:27 - 2014-12-22 09:58 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-13 22:27 - 2014-12-13 22:27 - 00000000 ____D () C:\Users\MyEminence\Downloads\mbam-chameleon-3.1.7.0
2014-12-13 22:26 - 2014-12-22 09:59 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-13 22:26 - 2014-12-13 22:26 - 00000000 ____D () C:\Users\MyEminence\Downloads\Mar
2014-12-13 22:08 - 2014-12-13 22:12 - 16448208 _____ (Malwarebytes Corp.) C:\Users\MyEminence\Downloads\mbar-1.08.2.1001.exe
2014-12-13 22:08 - 2014-12-13 22:10 - 04909382 _____ () C:\Users\MyEminence\Downloads\mbam-chameleon-3.1.7.0.zip
2014-12-13 22:07 - 2014-12-13 22:47 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-12-13 22:07 - 2014-12-13 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-12-13 22:07 - 2014-12-13 22:07 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-12-13 22:06 - 2014-12-13 22:06 - 00000852 _____ () C:\Users\Public\Desktop\FileASSASSIN.lnk
2014-12-13 22:06 - 2014-12-13 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2014-12-13 22:06 - 2014-12-13 22:06 - 00000000 ____D () C:\Program Files\FileASSASSIN
2014-12-13 22:00 - 2014-12-14 07:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-13 22:00 - 2014-12-13 22:00 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-13 22:00 - 2014-12-13 22:00 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-13 22:00 - 2014-12-13 22:00 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-13 22:00 - 2014-12-13 22:00 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-13 22:00 - 2014-12-13 22:00 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-13 22:00 - 2014-12-13 22:00 - 00057928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-12-13 22:00 - 2014-12-13 22:00 - 00055240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-12-13 22:00 - 2014-12-13 22:00 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-13 22:00 - 2014-12-13 22:00 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-13 22:00 - 2014-12-13 22:00 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-13 22:00 - 2014-12-13 22:00 - 00001889 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2014-12-13 22:00 - 2014-12-13 22:00 - 00001871 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-13 22:00 - 2014-12-13 22:00 - 00000350 ____H () C:\Windows\Tasks\avast! Emergency Update.job
2014-12-13 21:53 - 2014-12-13 21:53 - 00167034 _____ () C:\Users\MyEminence\Downloads\fileassassin-setup-1.06.exe
2014-12-13 21:53 - 2014-12-13 21:53 - 00065232 _____ (Malwarebytes) C:\Users\MyEminence\Downloads\regassassin-setup-1.03.exe
2014-12-13 21:48 - 2014-12-13 21:49 - 02967032 _____ (Malwarebytes ) C:\Users\MyEminence\Downloads\mbae-setup-1.05.1.1016.exe
2014-12-13 14:03 - 2014-12-13 21:49 - 00000000 ____D () C:\Users\MyEminence\Downloads\AwesomeMix Vol1
2014-12-13 13:50 - 2014-12-13 13:50 - 00000000 _____ () C:\Users\MyEminence\Downloads\10. Rupert Holmes - Escape The Pina Colada Song.mp3.crdownload
2014-12-12 18:13 - 2014-12-12 18:14 - 00000107 _____ () C:\Windows\system32\list
2014-12-12 16:28 - 2014-12-12 16:28 - 00000300 _____ () C:\Users\MyEminence\Desktop\MyEminence - Shortcut.lnk
2014-12-12 01:22 - 2011-04-21 21:55 - 00508416 _____ (Microsoft Corporation) C:\Windows\system32\bthport.sys
2014-12-12 01:22 - 2009-06-17 21:23 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\BTHUSB.SYS

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 22:45 - 2009-04-11 20:38 - 01048569 _____ () C:\Windows\WindowsUpdate.log
2015-01-11 22:44 - 2011-04-29 22:45 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-11 22:44 - 2011-02-26 02:32 - 00000000 ____D () C:\Users\MyEminence\AppData\Roaming\BitTorrent
2015-01-11 22:42 - 2014-09-16 20:20 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-11 22:42 - 2013-11-26 17:45 - 00017488 _____ (Windows ® 2000 DDK provider) C:\Windows\gdrv.sys
2015-01-11 22:42 - 2013-11-26 17:14 - 00000145 _____ () C:\service.log
2015-01-11 22:41 - 2006-11-02 21:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-11 22:41 - 2006-11-02 20:46 - 00004928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 22:41 - 2006-11-02 20:46 - 00004928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-02 18:51 - 2012-02-24 18:43 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-01-02 18:51 - 2006-11-02 21:00 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-02 18:46 - 2006-11-02 18:33 - 00764992 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-01 23:04 - 2014-01-29 16:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-22 16:43 - 2011-12-04 11:22 - 00491636 _____ () C:\Windows\PFRO.log
2014-12-22 16:24 - 2014-11-09 20:28 - 00000000 ____D () C:\AdwCleaner
2014-12-22 06:29 - 2014-11-12 17:53 - 00002252 _____ () C:\Users\MyEminence\Desktop\Rkill.txt
2014-12-21 14:25 - 2014-09-21 06:01 - 00000000 ____D () C:\Users\MyEminence\Downloads\Jpop Funk
2014-12-21 14:25 - 2014-07-21 22:42 - 04619629 _____ () C:\Users\MyEminence\Downloads\BuXVIDS08E10.part2.rar
2014-12-21 14:25 - 2014-07-21 22:33 - 00000020 _____ () C:\Users\MyEminence\Downloads\BuXVIDS08E10.part1.rar
2014-12-21 14:25 - 2014-07-19 19:15 - 04873467 _____ () C:\Users\MyEminence\Downloads\BuXVIDS08E09.part2.rar
2014-12-21 14:25 - 2014-07-19 19:13 - 00000020 _____ () C:\Users\MyEminence\Downloads\BuXVIDS08E09.part1.rar
2014-12-21 14:25 - 2014-07-19 00:45 - 00000020 _____ () C:\Users\MyEminence\Downloads\BuXVIDS08E08.part1.rar
2014-12-21 14:25 - 2014-07-18 23:38 - 04442801 _____ () C:\Users\MyEminence\Downloads\BuXVIDS08E08.part2.rar
2014-12-20 18:27 - 2006-11-02 20:41 - 00000000 ____D () C:\Windows\WindowsMobile
2014-12-20 18:25 - 2011-04-02 17:26 - 00000000 ____D () C:\Users\MyEminence\Downloads\AV.Music.Morpher.Gold.v5.0.35.WinAll.Cracked-CRD
2014-12-20 18:25 - 2011-03-12 13:05 - 00000000 ____D () C:\Users\MyEminence\Downloads\Compressed
2014-12-20 18:25 - 2011-02-27 06:00 - 00000000 ____D () C:\Users\MyEminence\Downloads\2worlds
2014-12-20 12:45 - 2006-11-02 18:23 - 00000215 _____ () C:\Windows\system.ini
2014-12-19 06:51 - 2011-02-23 03:16 - 00000000 ____D () C:\Users\MyEminence\AppData\Roaming\vlc
2014-12-19 06:45 - 2011-02-28 01:36 - 00000000 ____D () C:\Program Files\mIRC
2014-12-19 02:15 - 2011-04-29 22:49 - 00001208 _____ () C:\Users\MyEminence\Desktop\My DAP Downloads.lnk
2014-12-15 13:08 - 2012-04-02 12:41 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-15 12:38 - 2009-07-11 06:00 - 00000000 ____D () C:\Users\watta
2014-12-15 12:38 - 2006-11-02 19:18 - 00000000 __RHD () C:\Users\Default
2014-12-15 12:38 - 2006-11-02 19:18 - 00000000 ___RD () C:\Users\Public
2014-12-15 11:58 - 2008-01-23 01:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-15 11:57 - 2011-02-23 03:28 - 00000000 ____D () C:\Program Files\Unlocker
2014-12-15 11:50 - 2008-01-23 02:02 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-14 23:44 - 2011-04-08 00:41 - 00000155 _____ () C:\Windows\NeroDigital.ini
2014-12-14 23:21 - 2009-07-29 07:29 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Adobe
2014-12-13 23:29 - 2014-11-12 17:53 - 00000000 ____D () C:\Users\MyEminence\Desktop\rkill
2014-12-13 22:47 - 2011-02-23 03:33 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-12-13 22:36 - 2011-02-23 03:35 - 00000000 ____D () C:\Users\MyEminence\AppData\Roaming\Malwarebytes
2014-12-13 22:36 - 2011-02-23 03:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-13 22:05 - 2011-02-21 13:52 - 00002032 _____ () C:\Users\MyEminence\AppData\Local\d3d9caps.dat
2014-12-13 21:47 - 2014-12-02 20:04 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-13 13:51 - 2014-01-29 17:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-13 13:51 - 2011-08-16 17:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox2
2014-12-12 17:17 - 2014-10-28 03:15 - 00017090 _____ () C:\Windows\setupact.log
2014-12-12 17:17 - 2006-11-02 19:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-12 16:44 - 2011-03-12 13:43 - 00000000 ____D () C:\Windows\Minidump
2014-12-12 16:43 - 2014-12-02 15:54 - 00162465 _____ () C:\Windows\Minidump\Mini121214-01.dmp
2014-12-12 16:41 - 2011-02-21 13:52 - 00000000 ____D () C:\Users\MyEminence
2014-12-12 16:22 - 2014-12-02 15:54 - 00158337 _____ () C:\Windows\DUMP3986.tmp
2014-12-12 06:10 - 2014-09-16 20:28 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

Some content of TEMP:
====================
C:\Users\MyEminence\AppData\Local\temp\Quarantine.exe
C:\Users\MyEminence\AppData\Local\temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-11 22:48

==================== End Of Log ============================

 

------------------------------------------------------------------------------------------------------

Addition.txt

------------------------------------------------------------------------------------------------------

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-01-2015
Ran by MyEminence at 2015-01-11 22:48:30
Running from C:\Users\MyEminence\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2d3 SteadyMove Pro (HKLM\...\{2BF4F570-038D-45F1-8CD3-B0134B345BB3}) (Version: 1.21.6220 - 2d3 Ltd)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Accent RAR Password Recovery (HKLM\...\{994D4DFE-FC8C-4039-A493-5B94E4143B1C}) (Version: 3.2.48.3188 - Passcovery Co. Ltd.)
Adobe After Effects CS4 Third Party Content (HKLM\...\Adobe_5aab5a491a3a52ae624fd639f6aaa95) (Version: 9 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Creative Suite 4 Production Premium (HKLM\...\Adobe_0a572e121e19f0f54d2d23782236e1b) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Production Premium (HKLM\...\Adobe_36ac9dc8c9a94feb9e5886810012e78) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Production Premium (HKLM\...\Adobe_83e762451b5cf1655cb11b0be8ae31a) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Media Encoder CS4 Exporter (HKLM\...\Adobe_5eba9bbdf1514a06b1a4c79a2920188) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader 9.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Advanced Archive Password Recovery (HKU\S-1-5-21-185903628-1420016957-2107898834-1000\...\Advanced Archive Password Recovery) (Version: 4.53 - ElcomSoft Co. Ltd.)
Anvil Studio 2011 (HKLM\...\{9E3D3F0B-D447-44DA-9204-2CA004A4133E}) (Version: 11.02.12 - Willow Software)
Any Video Converter 3.2.3 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
ASRock InstantBoot v1.23 (HKLM\...\ASRock InstantBoot_is1) (Version:  - )
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.51 - Atheros Communications Inc.)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AV Music Morpher Gold (HKLM\...\AV Music Morpher Gold) (Version:  - )
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Belkin Setup and Router Monitor (HKLM\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.1.4 - Belkin International, Inc.)
BitTorrent (HKLM\...\BitTorrent) (Version: 7.2.1 - )
Blade and Soul (HKLM\...\{CEF766E5-6E15-441F-B14A-C44CB168DBE7}) (Version: 1.0.0 - PlayBns.com)
Boris Continuum Complete 7 Adobe CS3 CS4 (HKLM\...\{B8CB8785-3E0E-41AB-B201-6FFE6D9FF3CC}) (Version: 7.00.1000 - Boris FX, Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Cedocida DV Codec (HKLM\...\cedocida) (Version:  - )
Cheat Engine 6.0 (HKLM\...\Cheat Engine 6.0_is1) (Version:  - Dark Byte)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CPUID CPU-Z 1.57 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1705 - CyberLink Corp.)
Debugging Tools for Windows (x86) (HKLM\...\{300A2961-B2B5-4889-9CB9-5C2A570D08AD}) (Version: 6.11.1.404 - Microsoft Corporation)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
DMIView B8.0717.01 (HKLM\...\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}) (Version: 1.4 - Gigabyte)
Download Accelerator Plus (DAP) (HKLM\...\Download Accelerator Plus (DAP)) (Version: 9607 (Build 2134) - Speedbit Ltd.)
E.M. Youtube Video Download Tool 3.15 (HKLM\...\E.M. Youtube Video Download Tool_is1) (Version:  - EffectMatrix, Inc.)
EasySaver B9.0904.1  (HKLM\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Foxit Reader (HKLM\...\Foxit Reader) (Version: 4.3.1.118 - Foxit Corporation)
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
Freez FLV to MP3 Converter (HKLM\...\Freez FLV to MP3 Converter v1.5_is1) (Version: 1.5 - www.smallvideosoft.com)
Futuremark SystemInfo (HKLM\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.2.0 - Futuremark Corporation)
GenArts Monsters GT V6 for After Effects CS4 (HKLM\...\{BC0F92C4-4F1C-475E-9FAE-B26A54BC0852}_is1) (Version:  - GenArts, Inc.)
GenArts Sapphire Plug-ins 5.0 for After Effects and Compatible  (HKLM\...\GenArts Sapphire AE_is1) (Version:  - )
GenArts Sapphire RLM Server 8.0.5.1 (HKLM\...\GenArts Reprise License Manager Server_is1) (Version:  - )
Globe Broadband (HKLM\...\Globe Broadband) (Version: 11.300.05.20.158 - Huawei Technologies Co.,Ltd)
Globe Tattoo Broadband (HKLM\...\Globe Tattoo Broadband) (Version: 23.009.09.01.158 - Huawei Technologies Co.,Ltd)
Gmask 1.70 English (HKLM\...\Gmask 1.70 English) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPU Caps Viewer v1.8.2 (HKLM\...\GPU Caps Viewer_is1) (Version:  - oZone3D.Net)
HandBrake 0.9.5 (HKLM\...\HandBrake) (Version: 0.9.5 - )
HWiNFO32 Version 3.84 (HKLM\...\HWiNFO32_is1) (Version: 3.84 - Martin Malík - REALiX)
Instant HD (HKLM\...\Instant HD) (Version:  - )
Instant HD Advanced (HKLM\...\Instant HD Advanced) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java™ 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
JDownloader (HKLM\...\JDownloader) (Version:  - AppWork UG (haftungsbeschränkt))
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Lagarith Lossless Codec (1.3.21) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LightScribe  1.4.124.1 (Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mega Manager (HKLM\...\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}) (Version: 3.5.1.0 - Megaupload Limited)
Mega Manager (Version: 3.5.1.0 - Megaupload Limited) Hidden
MegaTrainer eXperience V1.0.3.6 (HKLM\...\MegaTrainer eXperience_is1) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM\...\{4D243BA7-9AC4-46D1-90E5-EEB88974F501}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MKVcleaver (HKLM\...\{5BAEAA63-8C55-4571-B0FE-695299835907}) (Version: 5.0.3 - MKVcleaver)
MKVtoolnix 2.5.1 (HKLM\...\MKVtoolnix) (Version: 2.5.1 - Moritz Bunkus)
mocha Pro V2.5.2-3520 (HKLM\...\{B7D4740D-02F7-4D53-A50F-7D6ED4BAA54A}) (Version: 2.52.3520 - Imagineer Systems)
MotioninJoy ds3 driver version 0.6.0005 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.6.00005 - www.motioninjoy.com)
Mozilla Firefox (3.6.24) (HKLM\...\Mozilla Firefox (3.6.24)) (Version: 3.6.24 (en-US) - Mozilla)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-185903628-1420016957-2107898834-1000\...\MyFreeCodec) (Version:  - )
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM\...\TkFSVVRPU0hJUFBVREVOVWx0aW1hdGVOaW5qYVNUT1JNM0Z1~D4302771_is1) (Version: 1 - )
NCsoft Launcher (HKLM\...\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}) (Version: 1.5.19002 - NCsoft)
Nero 7 Essentials (HKLM\...\{874AF83E-1BF6-4F2B-9086-BF62BDAE1033}) (Version: 7.02.5608 - Nero AG)
Neverwinter Nights 2 (HKLM\...\{F20C1251-1D0A-4944-B2AE-678581B33B19}) (Version: 1.00.0000 - Obsidian)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Performance (HKLM\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
ON_OFF Charge B11.0110.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Opera Stable 18.0.1284.68 (HKLM\...\Opera 18.0.1284.68) (Version: 18.0.1284.68 - Opera Software ASA)
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r3878) (Version:  - )
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r4600) (Version:  - )
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r5350) (Version:  - )
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r5875) (Version:  - )
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photomatix Pro version 5.0.4 (HKLM\...\PhotomatixPro5x32_is1) (Version: 5.0.4 - HDRsoft Ltd)
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
PianoFX STUDIO 4.0 (HKLM\...\PianoFX STUDIO 4.0_is1) (Version: 4.0 - Tanseon Systems)
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
Primatte Keyer Pro 4.0 (HKLM\...\Primatte Keyer Pro 4.0) (Version:  - )
Q-Share Ver.1.2 (HKLM\...\{F308B531-AB20-4A79-8F5E-83071FE5BE60}) (Version: 1.2 - GIGABYTE)
RAR Password Recovery Professional  (HKLM\...\RAR Password Recovery Professional) (Version:  - SmartKey, Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)
RESIDENT EVIL 5 (HKLM\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
Resident Evil 6 (HKLM\...\Resident Evil 6_is1) (Version: Resident Evil 6 - )
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 3.52 (HKLM\...\Sandboxie) (Version:  - )
SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)
SMART BRO (HKLM\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE)
SmartCam -- Smart Phone Camera (HKLM\...\SmartCam) (Version: 1.4 - Ionut Dediu)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Sun Broadband Hotspot (HKLM\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
Sun Broadband Wireless (HKLM\...\Sun Broadband Wireless) (Version: 16.001.06.04.256 - Huawei Technologies Co.,Ltd)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.49.1000 - SUPERAntiSpyware.com)
System Requirements Lab (HKLM\...\{0A3A9522-EFA2-4C56-9138-101692C2A130}) (Version: 4.4.26.0 - Husdawg, LLC)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab CYRI (HKLM\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)
Tattoo (HKLM\...\Tattoo) (Version: 1.09.00.158 - Huawei Technologies Co.,Ltd)
TechPowerUp GPU-Z (HKLM\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Elder Scrolls V: SKYRIM (HKLM\...\The Elder Scrolls V: SKYRIM_is1) (Version: 1.1.21.0 - Bethesda Softworks)
The Elder Scrolls V: SKYRIM Update 1 + Crack (HKLM\...\The Elder Scrolls V: SKYRIM Update 1 + Crack_is1) (Version:  - )
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.615 - Electronic Arts)
Torchlight (HKLM\...\Runic Games Torchlight) (Version: 0.0.66.192 - )
Total Video Converter 3.71 100812 (HKLM\...\Total Video Converter 3.71_is1) (Version:  - EffectMatrix Inc.)
Trapcode Form (HKLM\...\Trapcode Form) (Version:  - )
Trapcode Lux (HKLM\...\Trapcode Lux) (Version:  - )
Trapcode Particular v2 (HKLM\...\Trapcode Particular v2) (Version:  - )
Trapcode Shine (HKLM\...\Trapcode Shine) (Version:  - )
Trapcode Starglow (HKLM\...\Trapcode Starglow) (Version:  - )
Ultimate Extras sounds from Microsoft® Tinker™ (HKLM\...\UltSounds2) (Version:  - Microsoft Corporation)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Video Enhancer 1.9.6 (HKLM\...\Video Enhancer_is1) (Version:  - Infognition Co. Ltd.)
Video Mover (HKLM\...\Video Mover_is1) (Version:  - )
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VirtualDub Filter Pack 1.0 (HKLM\...\VirtualDub Filter Pack_is1) (Version:  - Dee Mon)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Sound Schemes (HKLM\...\UltSounds) (Version:  - Microsoft Corporation)
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.0) (Version: 1.3.0 - Xvid Team)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

20-12-2014 18:15:44 Scheduled Checkpoint
22-12-2014 07:34:01 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 18:23 - 2014-12-15 12:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A36E0FD-B1E4-442F-8EF7-C5CB188707A6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {1BA01890-A006-4775-96D9-9C006CD61725} - System32\Tasks\SBWUpdateTask_Logon_603d724b-001E101FB681 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2011-04-29] (Speedbit Ltd.)
Task: {2C0E4495-15D7-4064-AEB7-F7D61513256B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-16] (Google Inc.)
Task: {58BAA9EA-8ECD-4D38-8CCC-1C7388B92371} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - MyEminence => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {6E42AC87-77E7-4CF2-8A71-7D5E69C28853} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-26] (Piriform Ltd)
Task: {6FCB3434-D68F-4C69-9BA6-FDD2E72CFD3C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-16] (Google Inc.)
Task: {A2F28C6B-05CA-429D-9D09-CC8CC3EDC022} - System32\Tasks\{3876CA48-1F70-41FC-89DE-1217DDFAF0B1} => pcalua.exe -a "C:\Program Files\Hotspot Shield\Uninstall.exe"
Task: {A849459B-C5B4-4F43-90A1-A0BFBE3D7031} - System32\Tasks\SBWUpdateTask_Time_603d724b-001E101FB681 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2011-04-29] (Speedbit Ltd.)
Task: {B06B490A-A2C7-4FE1-8614-73244FFB24D6} - System32\Tasks\SBWUpdateTask_Time_603d724b-74D435355476 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2011-04-29] (Speedbit Ltd.)
Task: {BE2DD90B-C189-4623-BF7B-23C85EE68627} - System32\Tasks\SBWUpdateTask_Time_603d724b-0025222896A8 => C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe [2011-04-29] (Speedbit Ltd.)
Task: {CF965BB5-C33F-4E2F-B8A7-C2D8CD4AFD11} - System32\Tasks\SBWUpdateTask_Logon_603d724b-0025222896A8 => C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe [2011-04-29] (Speedbit Ltd.)
Task: {E7EE2155-7D72-4669-BBB4-6F2BB6426738} - System32\Tasks\SBWUpdateTask_Logon_603d724b-74D435355476 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2011-04-29] (Speedbit Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-24 16:54 - 2011-04-19 16:29 - 00152576 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
2013-11-24 16:54 - 2010-02-09 15:55 - 00049152 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
2013-11-26 17:14 - 2009-08-24 14:38 - 00068136 _____ () C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
2013-11-26 17:14 - 2009-03-13 11:30 - 00109096 _____ () C:\Program Files\Gigabyte\EasySaver\YCC.DLL
2011-05-16 16:37 - 2010-06-04 14:09 - 00704512 _____ () C:\Program Files\GenArts\Monsters-AE\bin\FlowFinder3MonstersAE32.exe
2011-05-16 16:37 - 2008-07-16 13:35 - 00192512 _____ () C:\Program Files\GenArts\Monsters-AE\bin\cudart.dll
2013-12-09 15:09 - 2012-11-12 13:59 - 00657504 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
2013-12-09 15:09 - 2009-01-11 02:32 - 00011362 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\mingwm10.dll
2013-12-09 15:09 - 2009-06-23 10:42 - 00043008 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\libgcc_s_dw2-1.dll
2013-12-09 15:09 - 2012-10-31 17:11 - 02417152 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QtCore4.dll
2013-12-09 15:09 - 2012-10-31 17:14 - 01148416 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QtNetwork4.dll
2013-12-09 15:09 - 2012-11-12 11:48 - 00843264 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QueryStrategy.dll
2013-12-09 15:09 - 2012-10-31 17:11 - 00398336 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QtXml4.dll
2011-03-14 23:27 - 2011-03-14 23:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2011-05-16 16:37 - 2010-06-08 19:39 - 00393216 _____ () C:\Program Files\GenArts\Monsters-AE\bin\JawsServerAE.exe
2011-05-16 16:37 - 2005-11-04 17:40 - 01351680 _____ () C:\Program Files\GenArts\Monsters-AE\bin\jawsnt.dll
2009-07-29 03:04 - 2011-06-24 11:49 - 00269648 _____ () C:\Program Files\SMART BRO\AssistantServices.exe
2011-04-29 22:44 - 2011-04-29 22:44 - 00084480 _____ () C:\Windows\system32\EasyHook32.dll
2010-07-05 05:32 - 2010-07-05 05:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-11-24 16:54 - 2011-04-19 16:29 - 00132608 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2014-12-13 22:00 - 2014-12-13 22:00 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-04-29 22:44 - 2011-04-29 22:44 - 00053248 _____ () C:\Program Files\DAP\zlib.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42459759.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70585251.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\76530116.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42459759.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\70585251.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\76530116.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AffinegyService => 2
MSCONFIG\Services: Belkin Local Backup Service => 2
MSCONFIG\Services: Belkin Network USB Helper => 2
MSCONFIG\Services: ES lite Service => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FlowFinder3MonstersAE32 => 2
MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: Globe Tattoo Broadband. RunOuc => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HWDeviceService.exe => 2
MSCONFIG\Services: InCDsrv => 2
MSCONFIG\Services: JawsServerAE => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NBService => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: nTuneService => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RLM-GenArts => 3
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: UI Assistant Service => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BDRegion => C:\Program Files\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: BitTorrent => "C:\Program Files\BitTorrent\BitTorrent.exe"
MSCONFIG\startupreg: CheckNDISPort_df => C:\Program Files\Hotspot\Sun Broadband\CheckNDISPort_df.exe
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: DownloadAccelerator => "C:\Program Files\DAP\DAP.EXE" /STARTUP
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: InCD => C:\Program Files\Nero\Nero 7\InCD\InCD.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Mega Manager => C:\Program Files\Megaupload\Mega Manager\MegaManager.exe /Tray
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: Remoter => C:\Users\MyEminence\Downloads\Jpop Funk\RemoterServer\RemoterServer\RemoterServer.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: SecurDisc => C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: UIExec => "C:\Program Files\SMART BRO\UIExec.exe"
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: Windows Mobile-based device management => %WINDIR%\WindowsMobile\wmdcBase.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-185903628-1420016957-2107898834-500 - Administrator - Disabled)
Guest (S-1-5-21-185903628-1420016957-2107898834-501 - Limited - Disabled)
Marcus (S-1-5-21-185903628-1420016957-2107898834-1001 - Administrator - Enabled) => C:\Users\Marcus
MyEminence (S-1-5-21-185903628-1420016957-2107898834-1000 - Administrator - Enabled) => C:\Users\MyEminence
Stempo (S-1-5-21-185903628-1420016957-2107898834-1005 - Administrator - Enabled)
Tempo (S-1-5-21-185903628-1420016957-2107898834-1004 - Administrator - Enabled) => C:\Users\Tempo

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/11/2015 10:30:40 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/02/2015 06:55:26 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/02/2015 06:55:14 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (01/02/2015 06:42:07 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (01/01/2015 11:27:11 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/01/2015 11:26:58 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (01/01/2015 10:55:08 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (12/26/2014 10:30:55 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (12/23/2014 01:04:49 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (12/23/2014 01:04:37 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

System errors:
=============
Error: (01/11/2015 10:44:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt

Error: (01/11/2015 10:44:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Globe Tattoo Broadband. OUC%%1053

Error: (01/11/2015 10:44:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Globe Tattoo Broadband. OUC

Error: (01/11/2015 10:44:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: CSR Bluetooth Service%%3

Error: (01/11/2015 10:44:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: CSR OBEX Service%%3

Error: (01/11/2015 10:40:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/11/2015 10:30:49 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/11/2015 10:30:48 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/11/2015 10:30:40 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/11/2015 10:30:30 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Microsoft Office Sessions:
=========================
Error: (01/11/2015 10:30:40 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/02/2015 06:55:26 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/02/2015 06:55:14 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001

Error: (01/02/2015 06:42:07 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001

Error: (01/01/2015 11:27:11 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/01/2015 11:26:58 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001

Error: (01/01/2015 10:55:08 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001

Error: (12/26/2014 10:30:55 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001

Error: (12/23/2014 01:04:49 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (12/23/2014 01:04:37 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001

CodeIntegrity Errors:
===================================
  Date: 2015-01-11 22:48:20.801
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-11 22:48:20.740
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-11 22:48:20.681
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-11 22:48:20.622
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-11 22:48:20.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-11 22:48:20.352
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-11 22:48:20.298
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-11 22:48:20.244
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-11 22:47:56.617
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-11 22:47:56.552
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 41%
Total physical RAM: 2045.77 MB
Available physical RAM: 1199.6 MB
Total Pagefile: 7993 MB
Available Pagefile: 7081.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:169.41 GB) (Free:6.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Fixed) (Total:63.48 GB) (Free:9.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 972CEA52)
Partition 1: (Active) - (Size=63.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=169.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#12
zep516
Posted 11 January 2015 - 10:51 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Thanks henrymills.

I need some time to look over the log reports, before I do can you please review/ describe all the symptoms you're experiencing on the computer. What's working and what's not working, what's popping up and are you being redirected to other websites etc.

Thanks
Joe :)
  • 0

#13
henrymills
Posted 12 January 2015 - 03:29 AM

henrymills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Do i need to test my computer with the internet on?Im worried if the virus is still there it might connect online and spread on my computer more?


  • 0

#14
zep516
Posted 12 January 2015 - 06:56 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Turn the computer on, connect to the internet. Please follow instructions, if something does not work move to the next instruction please.

Next
Drive c: () (Fixed) (Total:169.41 GB) (Free:6.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
You're running out out of free space, Windows needs 15% free space (That's 15 percet of 169GB) or more to run correctly. That generally means for you moving files to an external drive, pictues, videos, removing unused programs etc.


We need to do a fix using FRST, (Copy, Save, run fix)..... Please read below an follow along:

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
HKU\S-1-5-21-185903628-1420016957-2107898834-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-185903628-1420016957-2107898834-1000\...\Run: [PlayNC Launcher] => [X]
HKU\S-1-5-21-185903628-1420016957-2107898834-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 CsrBtOBEXService; "C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe" [X]
S2 CsrBtService; "C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe" [X]
S3 BthAudioHF; system32\DRIVERS\BthAudioHF.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\Users\MYEMIN~1\AppData\Local\Temp\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 CsrBtPort; system32\DRIVERS\CsrBtPort.sys [X]
S3 csrusb; System32\Drivers\csrusb.sys [X]
S3 GPU-Z; \??\C:\Users\MYEMIN~1\AppData\Local\Temp\GPU-Z.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
2014-12-15 13:08 - 2012-04-02 12:41 - 00000000 ____D () C:\ProgramData\InstallMate
C:\Users\MyEminence\AppData\Local\temp\Quarantine.exe
C:\Users\MyEminence\AppData\Local\temp\sqlite3.dll
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA
C:\ProgramData\TEMP:553CA6CA
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42459759.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70585251.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\76530116.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42459759.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\70585251.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\76530116.sys => ""="Driver"
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Emptytemp:
reboot:
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Next

I have also noticed in your log file you are using BitTorrent P2P program. We at Geeks to go ! Recommend removing these type of programs, they are a known cause of Malware infections. When you use file sharing programs like this you can never be sure of the file content and you are put at a much greater risk for infection. I strongly recommend you remove this program before we begin our work.

Programs to uninstall.
  • Mozilla Firefox (3.6.24)
  • Adobe Reader 9.2
  • BitTorrent
  • Java 7 Update 51
  • Java 6 Update 30
  • Remove any other unnecessary program you're not using this will help to free up space.
Next
Please download Uncleaner to the desktop.
Click clean.

Next
Please go to your downloads folder--> C:\Users\MyEminence\Downloads
Clear everything out, clear the downloads folder.

Next
Please download MiniToolBox http://download.blee...MiniToolBox.exe and run it.

Checkmark following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List IP configuration
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Restore Points
Click Go and post the result.

In your next reply post:
  • Fixlog.txt
  • Minitoolbox log
  • Thanks
    Joe :)

  • 0

#15
henrymills
Posted 13 January 2015 - 06:11 AM

henrymills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

I only use bittorrent to download legit files from legit sources,Also is there a way i dont need to uninstall firefox cause i have bookmarks for different profile?


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP