Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Crime Watch Removal [Solved]


  • This topic is locked This topic is locked

#1
winks

winks

    Member

  • Member
  • PipPip
  • 14 posts

I have been plagued for weeks now by something called crime watch and after countless downloads of removal programs and reading guides on removing it 

im at a total loss. What happens is everytime i open a web page or click something within a page it opens a new page with adds n surveys 

I relly hope someone can help me 

 

Here is my OTL result

 

OTL logfile created on: 16/01/2015 16:54:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Darren\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
15.96 Gb Total Physical Memory | 12.77 Gb Available Physical Memory | 79.98% Memory free
30.61 Gb Paging File | 27.03 Gb Available in Paging File | 88.30% Paging File free
Paging file location(s): c:\pagefile.sys 15000 30000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 725.54 Gb Free Space | 77.90% Space Free | Partition Type: NTFS
 
Computer Name: DARREN-PC | User Name: Darren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2015/01/16 16:53:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darren\Downloads\OTL.exe
PRC - [2015/01/14 19:00:43 | 010,693,168 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
PRC - [2015/01/09 00:35:57 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/12/13 00:13:07 | 002,531,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/12/13 00:13:04 | 001,701,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/12/10 19:12:11 | 010,066,992 | ---- | M] (Blizzard Entertainment) -- C:\Program Files (x86)\Battle.net\Battle.net.5383\Battle.net.exe
PRC - [2014/12/03 18:38:52 | 002,726,216 | ---- | M] (Mathematical Applications) -- C:\ProgramData\yNihBy\ZXVLlHlG.exe
PRC - [2014/11/30 19:43:23 | 000,182,048 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2014/11/26 16:10:44 | 001,747,744 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
PRC - [2014/11/25 13:45:44 | 002,426,144 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
PRC - [2014/11/09 19:19:13 | 000,468,328 | ---- | M] (Kingsoft Corporation) -- C:\Program Files (x86)\cmcm\Clean Master\cmtray.exe
PRC - [2014/11/04 13:19:48 | 000,815,392 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
PRC - [2014/10/13 18:47:22 | 001,802,048 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2014/10/13 16:17:10 | 001,391,936 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
PRC - [2014/09/30 17:00:34 | 000,344,896 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2014/09/17 12:41:14 | 000,080,176 | ---- | M] (MurGee.com) -- C:\ProgramData\Auto Keyboard\AutoKeyboard.exe
PRC - [2014/06/27 11:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2014/04/09 09:35:38 | 005,755,392 | ---- | M] (Joyent, Inc) -- C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
PRC - [2014/04/09 09:35:38 | 000,321,024 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
PRC - [2013/11/11 22:31:48 | 000,375,608 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/09 00:35:56 | 014,913,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
MOD - [2015/01/09 00:35:54 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
MOD - [2015/01/09 00:35:51 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
MOD - [2015/01/09 00:35:49 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
MOD - [2015/01/09 00:35:48 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
MOD - [2014/12/10 19:12:01 | 026,065,408 | ---- | M] () -- C:\Program Files (x86)\Battle.net\Battle.net.5383\libcef.dll
MOD - [2014/12/10 19:12:01 | 000,907,776 | ---- | M] () -- C:\Program Files (x86)\Battle.net\Battle.net.5383\platforms\qwindows.dll
MOD - [2014/12/10 19:12:01 | 000,739,840 | ---- | M] () -- C:\Program Files (x86)\Battle.net\Battle.net.5383\libGLESv2.dll
MOD - [2014/12/10 19:12:01 | 000,130,048 | ---- | M] () -- C:\Program Files (x86)\Battle.net\Battle.net.5383\libEGL.dll
MOD - [2014/12/10 19:12:01 | 000,054,272 | ---- | M] () -- C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
MOD - [2014/12/10 19:12:01 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQuick.2\qtquick2plugin.dll
MOD - [2014/12/10 19:12:01 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQml\Models.2\modelsplugin.dll
MOD - [2014/12/10 19:12:00 | 000,312,832 | ---- | M] () -- C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qtiff.dll
MOD - [2014/12/10 19:12:00 | 000,225,792 | ---- | M] () -- C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qmng.dll
MOD - [2014/12/10 19:12:00 | 000,205,312 | ---- | M] () -- C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qjpeg.dll
MOD - [2014/12/10 19:12:00 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\Battle.net\Battle.net.5383\audio\qtaudio_windows.dll
MOD - [2014/12/10 19:12:00 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qico.dll
MOD - [2014/12/10 19:12:00 | 000,020,992 | ---- | M] () -- C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qgif.dll
MOD - [2014/12/10 19:12:00 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qsvg.dll
MOD - [2014/11/26 01:38:09 | 016,841,392 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
MOD - [2014/10/16 10:26:28 | 000,622,880 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ProductStatistics.dll
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\maddisAsm_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madbasic_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\madbasic_.bpl
MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/12/13 00:13:04 | 001,148,560 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2014/12/13 00:13:03 | 019,823,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/11/22 02:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/08/14 17:29:42 | 000,210,024 | ---- | M] (DTS) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe -- (DTSAudioService)
SRV:64bit: - [2013/11/11 22:31:52 | 000,467,256 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/12/13 00:13:04 | 001,701,520 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/12/08 16:46:09 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/03 18:38:52 | 002,726,216 | ---- | M] (Mathematical Applications) [Auto | Running] -- C:\ProgramData\yNihBy\ZXVLlHlG.exe -- (ZXVLlHlG)
SRV - [2014/11/26 13:02:48 | 002,631,456 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/11/09 19:19:13 | 000,315,240 | ---- | M] (Kingsoft Corporation) [On_Demand | Stopped] -- c:\program files (x86)\cmcm\Clean Master\cmcore.exe -- (cmcore)
SRV - [2014/11/04 13:19:48 | 000,815,392 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe -- (AdvancedSystemCareService8)
SRV - [2014/09/30 17:00:34 | 000,344,896 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2014/04/09 09:35:38 | 000,321,024 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe -- (BT Help Wizard)
SRV - [2014/03/20 22:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/11 22:31:48 | 000,375,608 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/13 00:13:03 | 000,019,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/12/09 06:53:20 | 000,272,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2014/11/22 10:46:30 | 000,038,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/11/17 13:28:16 | 000,941,784 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2014/11/09 19:19:14 | 000,056,680 | ---- | M] (Kingsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ksapi64.sys -- (ksapi64)
DRV:64bit: - [2014/10/09 17:02:39 | 000,195,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/09/12 01:25:56 | 000,418,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2014/09/12 01:23:50 | 000,083,176 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2014/09/12 01:23:50 | 000,043,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2014/08/14 17:23:33 | 000,123,704 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/06/04 15:17:14 | 000,021,184 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2014/03/31 14:07:10 | 004,050,432 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2013/10/02 02:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/12/19 08:42:10 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\t_mouse.sys -- (t_mouse.sys)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/02 14:05:26 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2010/02/02 14:05:26 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2013/11/19 16:10:36 | 000,034,848 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2013/11/19 16:10:36 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2013/03/23 15:48:48 | 000,023,048 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2010/11/01 05:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2010/02/02 14:09:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/02/02 14:09:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\..\SearchScopes,DefaultScope = {82F01D2B-F997-445E-BC93-D139C2E26E85}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{82F01D2B-F997-445E-BC93-D139C2E26E85}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.72.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.72.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
 
[2014/09/16 21:17:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darren\AppData\Roaming\Mozilla\Extensions
[2014/12/10 15:36:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\extensions
[2014/12/10 15:36:52 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\extensions\[email protected]
[2014/12/09 06:48:45 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\extensions\[email protected]
[2014/10/06 23:03:45 | 000,046,121 | ---- | M] () (No name found) -- C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\extensions\[email protected]
[2014/10/01 18:54:50 | 000,094,538 | ---- | M] () (No name found) -- C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
 
O1 HOSTS File: ([2014/12/10 00:40:12 | 000,450,771 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15471 more lines...
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Advanced SystemCare Surfing Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MouseDriver] C:\Windows\SysNative\TiltWheelMouse.exe (Pixart Imaging Inc)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] c:\program files\realtek\audio\hda\rtkngui64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Advanced SystemCare 8] C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe (IObit)
O4 - HKCU..\Run: [MurGee.com Auto Keyboard] c:\programdata\auto keyboard\autokeyboard.exe  (MurGee.com)
O4 - Startup: C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55025200-F339-4954-BF2C-AF081B9FD631}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF4F019B-D85A-45A5-AA23-A6C807F5FDB8}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/12/09 07:20:55 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (搀渀挀氀攀愀渀㘀㐀⸀攀砀攀)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/16 14:30:54 | 000,000,000 | -HSD | C] -- C:\Users\Darren\AppData\Local\EmieUserList
[2015/01/16 14:30:54 | 000,000,000 | -HSD | C] -- C:\Users\Darren\AppData\Local\EmieSiteList
[2015/01/16 14:30:54 | 000,000,000 | -HSD | C] -- C:\Users\Darren\AppData\Local\EmieBrowserModeList
[2015/01/16 14:25:41 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\CrimeWatch
[2014/12/24 10:50:02 | 000,000,000 | ---D | C] -- C:\Users\Darren\Documents\Heroes of the Storm
[2014/12/24 07:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
[2014/12/24 07:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Heroes of the Storm
[2014/12/21 03:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2014/12/18 10:59:25 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\HearthstoneTracker
[2014/12/18 10:59:21 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthstoneTracker
[2014/12/18 10:59:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HearthstoneTracker
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/16 15:59:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/16 13:45:08 | 000,023,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/16 13:45:08 | 000,023,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/16 13:37:37 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/16 13:36:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/16 13:36:09 | 4264,566,782 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/14 18:57:53 | 000,002,109 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
[2015/01/14 18:00:52 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/01/01 10:04:32 | 000,002,038 | ---- | M] () -- C:\Users\Darren\Desktop\Sequeencesone.lua
[2014/12/24 07:53:26 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\Heroes of the Storm.lnk
[2014/12/21 02:52:52 | 000,001,236 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2014/12/18 21:56:10 | 000,000,461 | ---- | M] () -- C:\Users\Darren\Documents\callumss.rtf
[2014/12/18 21:55:24 | 000,000,461 | ---- | M] () -- C:\Users\Darren\Documents\Document.rtf
[2014/12/18 10:59:21 | 000,001,082 | ---- | M] () -- C:\Users\Darren\Desktop\HearthstoneTracker.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/24 07:53:26 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\Heroes of the Storm.lnk
[2014/12/18 21:56:10 | 000,000,461 | ---- | C] () -- C:\Users\Darren\Documents\callumss.rtf
[2014/12/18 21:53:47 | 000,000,461 | ---- | C] () -- C:\Users\Darren\Documents\Document.rtf
[2014/12/18 10:59:21 | 000,001,082 | ---- | C] () -- C:\Users\Darren\Desktop\HearthstoneTracker.lnk
[2014/10/24 04:31:50 | 000,000,122 | ---- | C] () -- C:\Users\Darren\AppData\Roaming\burnaware.ini
[2014/10/22 15:20:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dvdtest10024.dat
[2014/09/12 00:15:44 | 000,007,600 | ---- | C] () -- C:\Users\Darren\AppData\Local\Resmon.ResmonCfg
[2014/08/24 13:19:44 | 000,000,205 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2014/08/19 17:54:03 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2014/08/14 17:30:51 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/08/14 14:20:26 | 000,765,280 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 02:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 01:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/09/21 18:45:48 | 000,000,000 | ---D | M] -- C:\Users\Darren\AppData\Roaming\Albion
[2014/11/17 21:14:40 | 000,000,000 | ---D | M] -- C:\Users\Darren\AppData\Roaming\Battle.net
[2014/08/18 01:59:42 | 000,000,000 | ---D | M] -- C:\Users\Darren\AppData\Roaming\Curse Advertising
[2014/09/24 20:06:04 | 000,000,000 | ---D | M] -- C:\Users\Darren\AppData\Roaming\Guild Wars 2
[2014/12/09 06:07:08 | 000,000,000 | ---D | M] -- C:\Users\Darren\AppData\Roaming\IObit
[2014/09/30 04:31:31 | 000,000,000 | ---D | M] -- C:\Users\Darren\AppData\Roaming\library_dir
[2014/08/29 21:59:40 | 000,000,000 | ---D | M] -- C:\Users\Darren\AppData\Roaming\Macro Recorder
[2014/09/25 14:51:24 | 000,000,000 | ---D | M] -- C:\Users\Darren\AppData\Roaming\OpenOffice
[2014/10/17 11:06:02 | 000,000,000 | ---D | M] -- C:\Users\Darren\AppData\Roaming\Oracle
[2014/09/08 01:48:36 | 000,000,000 | ---D | M] -- C:\Users\Darren\AppData\Roaming\Philipp Winterberg
[2014/12/16 20:39:25 | 000,000,000 | ---D | M] -- C:\Users\Darren\AppData\Roaming\ProductData
[2014/09/16 19:02:53 | 000,000,000 | ---D | M] -- C:\Users\Darren\AppData\Roaming\Wargaming.net
[2014/09/15 22:00:59 | 000,000,000 | ---D | M] -- C:\Users\Darren\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
< End of report >
 
Hope ive done this correctly

  • 0

Advertisements


#2
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hey, :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

  • 0

#3
winks

winks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

wow that was quick response :)

 

ok here we go 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Darren (administrator) on DARREN-PC on 16-01-2015 22:30:14
Running from C:\Users\Darren\Downloads
Loaded Profiles: Darren (Available profiles: Darren)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(Curse) C:\Users\Darren\AppData\Local\Apps\2.0\WKCW819V.ZAB\7KO4R96G.X1P\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Mathematical Applications) C:\ProgramData\yNihBy\ZXVLlHlG.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(MurGee.com) C:\ProgramData\Auto Keyboard\AutoKeyboard.exe
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => c:\program files\realtek\audio\hda\rtkngui64.exe [7575768 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [2860856 2013-11-11] (Alcatel-Lucent)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1802048 2014-10-13] (IObit)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-233057431-3032299918-2474818732-1000\...\Run: [MurGee.com Auto Keyboard] => c:\programdata\auto keyboard\autokeyboard.exe [80176 2014-09-17] (MurGee.com)
HKU\S-1-5-21-233057431-3032299918-2474818732-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2426144 2014-11-25] (IObit)
Startup: C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
BootExecute: autocheck autochk * 搀渀挀氀攀愀渀㘀㐀⸀攀砀攀
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-233057431-3032299918-2474818732-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKU\S-1-5-21-233057431-3032299918-2474818732-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\user.js
FF Extension: Ads Removal - C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\Extensions\[email protected] [2014-12-10]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\Extensions\[email protected] [2014-12-09]
FF Extension: GPU Accelerated Flash Player - C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\Extensions\[email protected] [2014-10-01]
FF Extension: YouTube High Definition - C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-10-01]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Profile 2 -> hxxp://www.yahoo.co.uk/
CHR Profile: C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Profile: C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Drive) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-16]
CHR Extension: (YouTube) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-16]
CHR Extension: (Google Search) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-16]
CHR Extension: (Google Wallet) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-16]
CHR Extension: (Gmail) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
S3 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315240 2014-11-09] (Kingsoft Corporation)
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2014-08-14] (DTS)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-09-30] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-11-26] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZXVLlHlG; C:\ProgramData\yNihBy\ZXVLlHlG.exe [2726216 2014-12-03] (Mathematical Applications)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2014-11-09] (Kingsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
R3 cpuz137; \??\C:\Users\Darren\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 22:30 - 2015-01-16 22:30 - 00016826 _____ () C:\Users\Darren\Downloads\FRST.txt
2015-01-16 22:28 - 2015-01-16 22:30 - 00000000 ____D () C:\FRST
2015-01-16 22:28 - 2015-01-16 22:28 - 02125312 _____ (Farbar) C:\Users\Darren\Downloads\FRST64.exe
2015-01-16 16:59 - 2015-01-16 16:59 - 00066460 _____ () C:\Users\Darren\Downloads\Extras.Txt
2015-01-16 16:58 - 2015-01-16 16:58 - 00072572 _____ () C:\Users\Darren\Downloads\OTL.Txt
2015-01-16 16:53 - 2015-01-16 16:53 - 00602112 _____ (OldTimer Tools) C:\Users\Darren\Downloads\OTL.exe
2015-01-16 16:17 - 2015-01-16 16:17 - 00064416 _____ () C:\Users\Darren\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-16 14:30 - 2015-01-16 14:30 - 00000000 __SHD () C:\Users\Darren\AppData\Local\EmieUserList
2015-01-16 14:30 - 2015-01-16 14:30 - 00000000 __SHD () C:\Users\Darren\AppData\Local\EmieSiteList
2015-01-16 14:30 - 2015-01-16 14:30 - 00000000 __SHD () C:\Users\Darren\AppData\Local\EmieBrowserModeList
2015-01-16 14:25 - 2015-01-16 22:27 - 00000000 ____D () C:\Users\Darren\AppData\Local\CrimeWatch
2015-01-13 18:50 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 18:50 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 18:50 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 18:50 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 18:50 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 18:49 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 18:49 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 18:49 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 18:49 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 18:49 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 18:49 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 18:49 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 18:49 - 2014-12-11 17:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-08 00:22 - 2015-01-08 00:22 - 17528608 _____ (IObit) C:\Users\Darren\Downloads\iobituninstaller.exe
2014-12-26 10:38 - 2014-12-13 10:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-26 10:38 - 2014-12-13 10:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-26 10:38 - 2014-10-09 17:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-12-26 10:38 - 2014-10-09 17:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-12-26 10:38 - 2014-10-09 07:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2014-12-24 10:50 - 2014-12-24 10:52 - 00000000 ____D () C:\Users\Darren\Documents\Heroes of the Storm
2014-12-24 07:53 - 2014-12-24 07:53 - 00001189 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2014-12-24 07:53 - 2014-12-24 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2014-12-24 07:49 - 2015-01-14 13:39 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2014-12-21 03:01 - 2014-12-21 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-12-21 02:45 - 2014-11-22 10:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-21 02:45 - 2014-11-22 10:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-12-21 02:45 - 2014-11-22 10:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-18 11:09 - 2014-12-13 05:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 11:09 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-18 10:59 - 2014-12-18 10:59 - 00001082 _____ () C:\Users\Darren\Desktop\HearthstoneTracker.lnk
2014-12-18 10:59 - 2014-12-18 10:59 - 00000000 ____D () C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthstoneTracker
2014-12-18 10:59 - 2014-12-18 10:59 - 00000000 ____D () C:\Users\Darren\AppData\Local\HearthstoneTracker
2014-12-18 10:59 - 2014-12-18 10:59 - 00000000 ____D () C:\Program Files (x86)\HearthstoneTracker
2014-12-18 10:58 - 2014-12-18 10:59 - 10382707 _____ (HearthstoneTracker.com) C:\Users\Darren\Downloads\HearthstoneTracker-Setup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 22:22 - 2014-08-13 17:46 - 01310284 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 22:19 - 2014-08-14 12:09 - 00000000 ____D () C:\Users\Darren\AppData\Local\Battle.net
2015-01-16 21:59 - 2014-12-09 05:54 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 21:41 - 2014-08-14 10:47 - 00000000 ____D () C:\Users\Darren\AppData\Local\Deployment
2015-01-16 17:41 - 2014-08-14 18:27 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-01-16 14:20 - 2014-08-13 17:51 - 00000000 ____D () C:\Users\Darren
2015-01-16 13:45 - 2009-07-14 04:45 - 00023376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 13:45 - 2009-07-14 04:45 - 00023376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 13:41 - 2014-12-09 06:49 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2015-01-16 13:37 - 2014-12-09 05:54 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 13:36 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 02:32 - 2014-12-05 16:41 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-01-14 18:57 - 2014-11-30 19:43 - 00002109 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-01-14 18:00 - 2014-12-09 05:55 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-14 13:38 - 2014-08-20 03:01 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-01-13 20:54 - 2014-08-14 10:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 20:51 - 2014-08-14 10:35 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 06:07 - 2014-08-19 17:56 - 00000000 ____D () C:\Users\Darren\AppData\Roaming\Ventrilo
2015-01-10 06:00 - 2014-09-11 19:15 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Public Test
2015-01-09 19:24 - 2014-08-13 17:59 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-08 00:16 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-01 10:04 - 2014-10-31 03:50 - 00002038 _____ () C:\Users\Darren\Desktop\Sequeencesone.lua
2014-12-31 11:14 - 2014-08-14 10:04 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-26 10:40 - 2014-11-18 15:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-26 10:30 - 2009-07-14 05:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-24 10:50 - 2014-08-14 12:09 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-12-21 02:52 - 2014-08-14 18:31 - 00001236 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-12-20 10:52 - 2014-08-30 08:05 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-12-18 10:54 - 2014-08-14 12:11 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-12-18 03:46 - 2014-12-09 07:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 12:23
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by Darren at 2015-01-16 22:30:40
Running from C:\Users\Darren\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1637796.2000442264.1946719294.32 - Audible, Inc.)
Auto Keyboard v1.6 (HKLM-x32\...\{71E16EE4-BBED-44A8-8724-9E68D05EE945}_is1) (Version: 1.6 - MurGee.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Clean Master (HKLM-x32\...\Clean Master) (Version: 1.0 - Cheetah Mobile)
Curse Client (HKU\S-1-5-21-233057431-3032299918-2474818732-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Driver Booster 2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.0 - IObit)
Free YouTube Downloader 4.0.283 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HearthstoneTracker (HKLM-x32\...\HearthstoneTracker) (Version: 1.9.23.39449 - HearthstoneTracker.com)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.5 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.24 - IObit)
Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
RarZilla Free Unrar (HKLM-x32\...\RarZilla Free Unrar) (Version: 5.10 - Philipp Winterberg)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.3 - IObit)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Tukui Client (HKLM-x32\...\{6517882E-E5E0-40DC-B3B0-A531FF2A06E8}) (Version: 2.4.5 - Tukui)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net  (03/31/2014 10.0.0.288) (HKLM\...\E411CAC42F905EEA57E543B641DDB9D855AF075A) (Version: 03/31/2014 10.0.0.288 - Qualcomm Atheros Communications Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-233057431-3032299918-2474818732-1000_Classes\CLSID\{7cca65f0-833f-4acc-b00b-a54936638896}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2014-12-10 00:40 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {03051B16-BB61-4D90-B7E4-A0FDB4E76502} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-09] (Google Inc.)
Task: {0ABBDE4C-2619-453E-B933-06709A7C9C07} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-10-08] (IObit)
Task: {3491387A-FE1A-4707-AC4C-DB1C7D4478E5} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2014-11-26] (IObit)
Task: {3E72DD44-2F8F-4534-859C-6879F2CB998C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {4071FEE8-C07B-4C5F-8D25-F63D052E1CDC} - System32\Tasks\ASC8_SkipUac_Darren => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2014-11-26] (IObit)
Task: {5555C634-C575-48DD-9B06-5E10C0DBCEE2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {63F93DF5-F779-4D67-B8F1-2CB5985B5991} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {65B23287-26C1-42B8-9393-983977C0B030} - System32\Tasks\Driver Booster Beta SkipUAC (Darren) => C:\Program Files (x86)\IObit\Driver Booster Beta\DriverBooster.exe
Task: {79FCE03B-E63A-434C-B5D4-392E67D4FA5F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-08] (Adobe Systems Incorporated)
Task: {863458F7-1211-418F-AB15-48276FD91955} - System32\Tasks\{B5810AF7-DAB9-421F-A1DC-E74D3779C145} => pcalua.exe -a "C:\Program Files (x86)\IObit\Advanced SystemCare 7\SecurityHole_Backup\KB2565063.exe" -d C:\Windows\system32 -c /quiet /norestart
Task: {871204D4-48D8-4F8A-BACA-7F4356C3080D} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2014-10-19] ()
Task: {88A0265E-78C7-46B7-B07C-A315A9A7DEB2} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit)
Task: {A0CE6664-7D83-45C7-B3C3-658DD14AD5B5} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-10-13] (IObit)
Task: {AB3540C9-B55B-4760-BC32-E35B3DF4F682} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-09] (Google Inc.)
Task: {CB2C5B36-5415-4B24-8654-D0EA79FCC1A4} - System32\Tasks\Uninstaller_SkipUac_Darren => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-04] (IObit)
Task: {CFCE8327-2D8E-4002-B25D-95B2AF16C6D3} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-11-18] (IObit)
Task: {D36238D2-6E4A-485B-8609-20D0513E3B7F} - System32\Tasks\{4C2F3B49-220E-4BE2-9687-63D509ED3F18} => pcalua.exe -a "C:\Users\Darren\Downloads\setup (1).exe" -d C:\Users\Darren\Downloads
Task: {DCECA23C-B962-4929-9446-33A131B89AA3} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-04] (IObit)
Task: {DFFAEC23-72DF-4404-B9F7-B37DB5C23E2F} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {E6868CD2-3922-4854-9D90-7FC590A97DA6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {E70CCF96-E5B0-4838-B350-8C0204760F0E} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-10-28] (IObit)
Task: {ECDA8A70-F9B9-44E3-A461-FCC05397AF51} - System32\Tasks\{C1E12354-F84A-4AF5-B0F6-12FDB8E972A4} => pcalua.exe -a "C:\Users\Darren\Downloads\ActiveSetupN (1).exe" -d C:\Users\Darren\Downloads
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-11-18 15:12 - 2014-12-13 08:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-09 20:15 - 2014-10-09 20:15 - 00016384 ____N () C:\Users\Darren\AppData\Local\Apps\2.0\WKCW819V.ZAB\7KO4R96G.X1P\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.WowDb.dll
2014-08-18 01:56 - 2014-08-18 01:56 - 00035840 _____ () C:\Users\Darren\AppData\Local\Apps\2.0\WKCW819V.ZAB\7KO4R96G.X1P\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.Advertising.dll
2014-10-09 20:15 - 2014-10-09 20:14 - 00099840 ____N () C:\Users\Darren\AppData\Local\Apps\2.0\WKCW819V.ZAB\7KO4R96G.X1P\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.CMOD2.dll
2014-11-30 19:43 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2013-11-07 17:58 - 2013-11-07 17:58 - 00244736 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-11-07 17:58 - 2013-11-07 17:58 - 00271360 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2013-11-07 17:57 - 2013-11-07 17:57 - 00237056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2013-04-24 07:55 - 2013-04-24 07:55 - 01581056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\libxmljs\build\Release\xmljs.node
2013-04-18 16:55 - 2013-04-18 16:55 - 00068608 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2014-11-30 19:43 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madExcept_.bpl
2014-11-30 19:43 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madBasic_.bpl
2014-11-30 19:43 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2014-11-30 19:43 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\ProductStatistics.dll
2014-11-30 19:43 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2014-12-09 07:41 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-09 07:41 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-09 07:41 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-30 19:43 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2014-11-30 19:43 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2014-11-30 19:43 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-01-14 18:00 - 2015-01-09 00:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-14 18:00 - 2015-01-09 00:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-14 18:00 - 2015-01-09 00:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-14 18:00 - 2015-01-09 00:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-14 18:00 - 2015-01-09 00:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Darren^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupreg: Battle.net => "C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe" --autostarted
MSCONFIG\startupreg: cmsc => "c:\program files (x86)\cmcm\Clean Master\cmtray.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => c:\program files (x86)\divx\divx media server\divxmediaserver.exe
MSCONFIG\startupreg: DivXUpdate => "c:\program files (x86)\divx\divx update\divxupdate.exe" /checknow
MSCONFIG\startupreg: NvBackend => c:\program files (x86)\nvidia corporation\update core\nvbackend.exe
MSCONFIG\startupreg: Raptr => c:\progra~2\raptr\raptrstub.exe --startup
MSCONFIG\startupreg: RtHDVBg_DTS => "c:\program files\realtek\audio\hda\ravbg64.exe" /fordtsuptbt
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => c:\program files (x86)\common files\java\java update\jusched.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-233057431-3032299918-2474818732-500 - Administrator - Disabled)
Darren (S-1-5-21-233057431-3032299918-2474818732-1000 - Administrator - Enabled) => C:\Users\Darren
Guest (S-1-5-21-233057431-3032299918-2474818732-501 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Qualcomm Atheros AR9285 Wireless Network Adapter #2
Description: Qualcomm Atheros AR9285 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/16/2015 04:15:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow-64.exe version 6.0.3.19342 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1b78
 
Start Time: 01d031a4ae3ec788
 
Termination Time: 520
 
Application Path: C:\Program Files (x86)\World of Warcraft\Wow-64.exe
 
Report Id:
 
Error: (01/16/2015 03:23:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow-64.exe version 6.0.3.19342 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1970
 
Start Time: 01d0319faef541e1
 
Termination Time: 335
 
Application Path: C:\Program Files (x86)\World of Warcraft\Wow-64.exe
 
Report Id:
 
Error: (01/16/2015 02:13:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc015000f
Fault offset: 0x000000000006f7ba
Faulting process id: 0x554
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (01/16/2015 02:13:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: SHELL32.dll, version: 6.1.7601.18517, time stamp: 0x53aa2e07
Exception code: 0xc0000005
Fault offset: 0x0000000000050506
Faulting process id: 0x554
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (01/16/2015 01:38:57 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (2008) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Darren\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error: (01/15/2015 11:01:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 39.0.2171.99 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11ec
 
Start Time: 01d030513f732ba5
 
Termination Time: 19
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id:
 
Error: (01/15/2015 07:09:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow-64.exe version 6.0.3.19342 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1600
 
Start Time: 01d03078d76fbd45
 
Termination Time: 174
 
Application Path: C:\Program Files (x86)\World of Warcraft\Wow-64.exe
 
Report Id:
 
Error: (01/15/2015 04:06:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow-64.exe version 6.0.3.19342 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 660
 
Start Time: 01d0304f817db47e
 
Termination Time: 301
 
Application Path: C:\Program Files (x86)\World of Warcraft\Wow-64.exe
 
Report Id:
 
Error: (01/14/2015 08:22:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow-64.exe version 6.0.3.19342 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1350
 
Start Time: 01d0302e78bb5c0c
 
Termination Time: 587
 
Application Path: C:\Program Files (x86)\World of Warcraft\Wow-64.exe
 
Report Id:
 
Error: (01/12/2015 05:52:07 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (1760) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Darren\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
 
System errors:
=============
Error: (01/16/2015 10:26:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IMF Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/16/2015 01:38:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (01/16/2015 01:38:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (01/16/2015 01:37:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (01/16/2015 01:37:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (01/15/2015 05:49:29 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
 
Error: (01/15/2015 07:09:52 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
 
Error: (01/12/2015 06:37:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (01/12/2015 06:37:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (01/12/2015 06:36:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (01/16/2015 04:15:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Wow-64.exe6.0.3.193421b7801d031a4ae3ec788520C:\Program Files (x86)\World of Warcraft\Wow-64.exe
 
Error: (01/16/2015 03:23:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Wow-64.exe6.0.3.19342197001d0319faef541e1335C:\Program Files (x86)\World of Warcraft\Wow-64.exe
 
Error: (01/16/2015 02:13:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c015000f000000000006f7ba55401d031917d942d6eC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dlld73eaffc-9d89-11e4-bb1c-14dae933f642
 
Error: (01/16/2015 02:13:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4SHELL32.dll6.1.7601.1851753aa2e07c0000005000000000005050655401d031917d942d6eC:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dlld4cc7f03-9d89-11e4-bb1c-14dae933f642
 
Error: (01/16/2015 01:38:57 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost2008WebCacheLocal: C:\Users\Darren\AppData\Local\Microsoft\Windows\WebCache\V01.log-1811 (0xfffff8ed)
 
Error: (01/15/2015 11:01:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe39.0.2171.9911ec01d030513f732ba519C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Error: (01/15/2015 07:09:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Wow-64.exe6.0.3.19342160001d03078d76fbd45174C:\Program Files (x86)\World of Warcraft\Wow-64.exe
 
Error: (01/15/2015 04:06:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Wow-64.exe6.0.3.1934266001d0304f817db47e301C:\Program Files (x86)\World of Warcraft\Wow-64.exe
 
Error: (01/14/2015 08:22:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Wow-64.exe6.0.3.19342135001d0302e78bb5c0c587C:\Program Files (x86)\World of Warcraft\Wow-64.exe
 
Error: (01/12/2015 05:52:07 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost1760WebCacheLocal: C:\Users\Darren\AppData\Local\Microsoft\Windows\WebCache\V01.log-1811 (0xfffff8ed)
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-21 14:16:35.456
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-14 22:16:44.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-14 21:32:59.145
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-14 19:15:09.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-14 18:36:22.304
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-14 18:33:44.668
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X6 1090T Processor
Percentage of memory in use: 19%
Total physical RAM: 16345.34 MB
Available physical RAM: 13202.9 MB
Total Pagefile: 31343.53 MB
Available Pagefile: 27974.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:725.81 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4CF687C7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 


  • 0

#4
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hey, :)
Please move FRST to your Desktop.

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

  • 0

#5
winks

winks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

here is the 1st log 

 

# AdwCleaner v4.107 - Report created 17/01/2015 at 02:50:44
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Darren - DARREN-PC
# Running from : C:\Users\Darren\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\Extensions\[email protected]
File Deleted : C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\user.js
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Driver Booster Scan
Task Deleted : Driver Booster Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v39.0.2171.99
 
 
*************************
 
AdwCleaner[R0].txt - [1540 octets] - [09/12/2014 05:42:22]
AdwCleaner[R1].txt - [902 octets] - [09/12/2014 05:57:23]
AdwCleaner[R2].txt - [1295 octets] - [09/12/2014 23:56:50]
AdwCleaner[R3].txt - [1572 octets] - [17/01/2015 02:47:59]
AdwCleaner[S0].txt - [1552 octets] - [09/12/2014 05:43:19]
AdwCleaner[S1].txt - [962 octets] - [09/12/2014 06:00:46]
AdwCleaner[S2].txt - [1505 octets] - [17/01/2015 02:50:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1565 octets] ##########
 

  • 0

#6
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
I'm waiting for the other logs. ;)
  • 0

#7
winks

winks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

next log 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 17/01/2015
Scan Time: 03:34:14
Logfile: mam.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.16.14
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Darren
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327568
Time Elapsed: 8 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.CrimeWatch.A, C:\ProgramData\yNihBy\ZXVLlHlG.exe, 3608, Delete-on-Reboot, [1c35e11694f5a6902355d12103fe827e]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.CrimeWatch.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZXVLlHlG, Quarantined, [1c35e11694f5a6902355d12103fe827e], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.CrimeWatch.A, C:\Users\Darren\AppData\Local\CrimeWatch, Quarantined, [7ed3c4337b0e69cd994341372bd83dc3], 
 
Files: 6
PUP.Optional.CrimeWatch.A, C:\ProgramData\yNihBy\ZXVLlHlG.exe, Delete-on-Reboot, [1c35e11694f5a6902355d12103fe827e], 
PUP.Optional.CrimeWatch.A, C:\ProgramData\yNihBy\dat\erjEvluwwF.exe, Delete-on-Reboot, [9db4ef083a4fe6503d3bd41e679a09f7], 
PUP.Optional.CrimeWatch.A, C:\ProgramData\yNihBy\dat\KxqlJrOaVvG.exe, Delete-on-Reboot, [c68be0174b3e4ee80f6922d037ca2bd5], 
PUP.Optional.Crimewatch.A, C:\ProgramData\yNihBy\dat\OjHvAEQgCK.dll, Delete-on-Reboot, [a0b111e6bbce9e985b7babdccc3914ec], 
PUP.Optional.OpenCandy, C:\Users\Darren\Downloads\3DP_Chip_v1410.exe, Quarantined, [87caf700b0d9a98d344f75492bda2cd4], 
PUP.Optional.CrimeWatch.A, C:\Users\Darren\AppData\Local\CrimeWatch\data2.dat, Quarantined, [7ed3c4337b0e69cd994341372bd83dc3], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#8
winks

winks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Darren on 17/01/2015 at 14:42:34.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\prefetch\DRIVERBOOSTER.EXE-51D78DCC.pf
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Darren\appdata\local\free youtube downloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\free youtube downloader"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/01/2015 at 14:45:00.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#9
winks

winks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Last one 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
Ran by Darren (administrator) on DARREN-PC on 17-01-2015 14:49:36
Running from C:\Users\Darren\Desktop
Loaded Profiles: Darren (Available profiles: Darren)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7660760 2015-01-16] (Realtek Semiconductor)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [2860856 2013-11-11] (Alcatel-Lucent)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2015-01-16] (Realtek Semiconductor)
HKLM-x32\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1802048 2014-10-13] (IObit)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-233057431-3032299918-2474818732-1000\...\Run: [MurGee.com Auto Keyboard] => c:\programdata\auto keyboard\autokeyboard.exe [80176 2014-09-17] (MurGee.com)
HKU\S-1-5-21-233057431-3032299918-2474818732-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2426144 2014-11-25] (IObit)
Startup: C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
BootExecute: autocheck autochk * 搀渀挀氀攀愀渀㘀㐀⸀攀砀攀
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-233057431-3032299918-2474818732-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKU\S-1-5-21-233057431-3032299918-2474818732-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\Extensions\[email protected] [2014-12-09]
FF Extension: GPU Accelerated Flash Player - C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\Extensions\[email protected] [2014-10-01]
FF Extension: YouTube High Definition - C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-10-01]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Profile 2 -> hxxp://www.yahoo.co.uk/
CHR Profile: C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Drive) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-16]
CHR Extension: (YouTube) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-16]
CHR Extension: (Google Search) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-16]
CHR Extension: (Google Wallet) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-16]
CHR Extension: (Gmail) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
S3 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315240 2014-11-09] (Kingsoft Corporation)
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2014-08-14] (DTS)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-09-30] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-11-26] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-16] (REALiX™)
S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2014-11-09] (Kingsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
R3 cpuz137; \??\C:\Users\Darren\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-17 14:49 - 2015-01-17 14:50 - 00017337 _____ () C:\Users\Darren\Desktop\FRST.txt
2015-01-17 14:49 - 2015-01-17 14:49 - 00000000 ____D () C:\Users\Darren\Desktop\FRST-OlderVersion
2015-01-17 14:45 - 2015-01-17 14:45 - 00001013 _____ () C:\Users\Darren\Desktop\JRT.txt
2015-01-17 14:42 - 2015-01-17 14:42 - 00000000 ____D () C:\Windows\ERUNT
2015-01-17 14:40 - 2015-01-17 14:40 - 01707939 _____ (Thisisu) C:\Users\Darren\Desktop\JRT.exe
2015-01-17 14:38 - 2015-01-17 14:38 - 00002046 _____ () C:\Users\Darren\Desktop\mam.txt
2015-01-17 14:08 - 2015-01-17 14:09 - 00000168 _____ () C:\Windows\setupact.log
2015-01-17 14:08 - 2015-01-17 14:08 - 00002410 _____ () C:\Windows\PFRO.log
2015-01-17 14:08 - 2015-01-17 14:08 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-17 03:31 - 2015-01-17 14:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-17 03:31 - 2015-01-17 03:31 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-17 03:31 - 2015-01-17 03:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-17 03:31 - 2015-01-17 03:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-17 03:31 - 2015-01-17 03:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-17 03:31 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-17 03:31 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-17 03:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-17 03:30 - 2015-01-17 03:31 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Darren\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-17 02:53 - 2015-01-17 02:53 - 00064416 _____ () C:\Users\Darren\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-17 02:53 - 2015-01-17 02:53 - 00000020 ___SH () C:\Users\Darren\ntuser.ini
2015-01-17 02:52 - 2015-01-17 02:52 - 00295976 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-17 02:46 - 2015-01-17 02:46 - 02191360 _____ () C:\Users\Darren\Desktop\AdwCleaner.exe
2015-01-16 22:55 - 2015-01-16 22:55 - 71040000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-01-16 22:55 - 2015-01-16 22:55 - 14048512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 12967680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2015-01-16 22:55 - 2015-01-16 22:55 - 05234952 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 04263128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-01-16 22:55 - 2015-01-16 22:55 - 03186544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 02860760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 02827120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 01550528 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 01499984 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 01443340 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-01-16 22:55 - 2015-01-16 22:55 - 01411096 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 01353472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 01287384 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00995120 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00979280 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00959704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00922880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00856992 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00629464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00451096 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00366104 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00326680 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00326680 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00303776 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00096568 _____ () C:\Windows\system32\audioLibVc.dll
2015-01-16 22:50 - 2015-01-16 22:50 - 00942808 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-01-16 22:50 - 2015-01-16 22:50 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-01-16 22:45 - 2015-01-16 22:45 - 00026528 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2015-01-16 22:30 - 2015-01-16 22:31 - 00032010 _____ () C:\Users\Darren\Downloads\Addition.txt
2015-01-16 22:30 - 2015-01-16 22:31 - 00028441 _____ () C:\Users\Darren\Downloads\FRST.txt
2015-01-16 22:28 - 2015-01-17 14:49 - 02125824 _____ (Farbar) C:\Users\Darren\Desktop\FRST64.exe
2015-01-16 22:28 - 2015-01-17 14:49 - 00000000 ____D () C:\FRST
2015-01-16 16:59 - 2015-01-16 16:59 - 00066460 _____ () C:\Users\Darren\Downloads\Extras.Txt
2015-01-16 16:58 - 2015-01-16 16:58 - 00072572 _____ () C:\Users\Darren\Downloads\OTL.Txt
2015-01-16 16:53 - 2015-01-16 16:53 - 00602112 _____ (OldTimer Tools) C:\Users\Darren\Downloads\OTL.exe
2015-01-16 14:30 - 2015-01-16 14:30 - 00000000 __SHD () C:\Users\Darren\AppData\Local\EmieUserList
2015-01-16 14:30 - 2015-01-16 14:30 - 00000000 __SHD () C:\Users\Darren\AppData\Local\EmieSiteList
2015-01-16 14:30 - 2015-01-16 14:30 - 00000000 __SHD () C:\Users\Darren\AppData\Local\EmieBrowserModeList
2015-01-13 18:50 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 18:50 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 18:50 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 18:50 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 18:50 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 18:49 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 18:49 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 18:49 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 18:49 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 18:49 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 18:49 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 18:49 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 18:49 - 2014-12-11 17:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-08 00:22 - 2015-01-08 00:22 - 17528608 _____ (IObit) C:\Users\Darren\Downloads\iobituninstaller.exe
2014-12-26 10:38 - 2014-12-13 10:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-26 10:38 - 2014-12-13 10:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-26 10:38 - 2014-10-09 17:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-12-26 10:38 - 2014-10-09 17:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-12-26 10:38 - 2014-10-09 07:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2014-12-24 10:50 - 2014-12-24 10:52 - 00000000 ____D () C:\Users\Darren\Documents\Heroes of the Storm
2014-12-24 07:53 - 2014-12-24 07:53 - 00001189 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2014-12-24 07:53 - 2014-12-24 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2014-12-24 07:49 - 2015-01-14 13:39 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2014-12-21 03:01 - 2014-12-21 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-12-21 02:45 - 2014-11-22 10:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-21 02:45 - 2014-11-22 10:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-12-21 02:45 - 2014-11-22 10:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-18 11:09 - 2014-12-13 05:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 11:09 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-18 10:59 - 2014-12-18 10:59 - 00001082 _____ () C:\Users\Darren\Desktop\HearthstoneTracker.lnk
2014-12-18 10:59 - 2014-12-18 10:59 - 00000000 ____D () C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthstoneTracker
2014-12-18 10:59 - 2014-12-18 10:59 - 00000000 ____D () C:\Users\Darren\AppData\Local\HearthstoneTracker
2014-12-18 10:59 - 2014-12-18 10:59 - 00000000 ____D () C:\Program Files (x86)\HearthstoneTracker
2014-12-18 10:58 - 2014-12-18 10:59 - 10382707 _____ (HearthstoneTracker.com) C:\Users\Darren\Downloads\HearthstoneTracker-Setup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-17 14:17 - 2009-07-14 04:45 - 00023376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-17 14:17 - 2009-07-14 04:45 - 00023376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-17 14:09 - 2014-12-09 05:54 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-17 14:09 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-17 14:08 - 2014-12-03 18:38 - 00000000 ____D () C:\ProgramData\yNihBy
2015-01-17 14:08 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\security
2015-01-17 09:05 - 2014-08-14 12:09 - 00000000 ____D () C:\Users\Darren\AppData\Local\Battle.net
2015-01-17 08:59 - 2014-12-09 05:54 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-17 04:10 - 2014-11-30 19:43 - 00002109 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-01-17 02:53 - 2014-08-13 17:51 - 00000000 ____D () C:\Users\Darren
2015-01-17 02:51 - 2014-08-13 17:46 - 01346917 _____ () C:\Windows\WindowsUpdate.log
2015-01-17 02:50 - 2014-12-09 05:42 - 00000000 ____D () C:\AdwCleaner
2015-01-17 01:54 - 2014-08-14 10:47 - 00000000 ____D () C:\Users\Darren\AppData\Local\Deployment
2015-01-16 22:57 - 2014-12-09 06:49 - 00002074 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-01-16 22:57 - 2014-08-14 18:27 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-01-16 22:56 - 2014-08-14 17:30 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-01-16 22:50 - 2011-06-10 05:34 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2015-01-16 22:47 - 2014-08-13 17:59 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-16 22:45 - 2014-12-09 06:49 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2015-01-16 22:45 - 2014-12-09 06:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2015-01-16 22:44 - 2014-08-14 14:20 - 00765280 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-16 22:44 - 2009-07-14 05:13 - 00765280 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 02:32 - 2014-12-05 16:41 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-01-14 18:00 - 2014-12-09 05:55 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-14 13:38 - 2014-08-20 03:01 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-01-13 20:54 - 2014-08-14 10:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 20:51 - 2014-08-14 10:35 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 06:07 - 2014-08-19 17:56 - 00000000 ____D () C:\Users\Darren\AppData\Roaming\Ventrilo
2015-01-10 06:00 - 2014-09-11 19:15 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Public Test
2015-01-08 00:16 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-01 10:04 - 2014-10-31 03:50 - 00002038 _____ () C:\Users\Darren\Desktop\Sequeencesone.lua
2014-12-31 11:14 - 2014-08-14 10:04 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-26 10:40 - 2014-11-18 15:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-26 10:30 - 2009-07-14 05:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-24 10:50 - 2014-08-14 12:09 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-12-21 02:52 - 2014-08-14 18:31 - 00001236 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-12-20 10:52 - 2014-08-30 08:05 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-12-18 10:54 - 2014-08-14 12:11 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-12-18 03:46 - 2014-12-09 07:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
 
==================== Files in the root of some directories =======
2014-10-24 04:31 - 2014-10-24 04:32 - 0000122 _____ () C:\Users\Darren\AppData\Roaming\burnaware.ini
2014-09-12 00:15 - 2014-10-18 05:05 - 0007600 _____ () C:\Users\Darren\AppData\Local\Resmon.ResmonCfg
2014-08-14 17:30 - 2014-08-14 17:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-24 13:19 - 2014-09-02 20:11 - 0000205 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-17 03:22
 
==================== End Of Log ============================

  • 0

#10
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    Startup: C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
    FF Extension: No Name - C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\extensions\[email protected] [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.)and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
    ESET1_zps23a5e840.png
  • Tick the box next to YES, I accept the Terms of Use and click Start
    ESET_EULA2_zps9451f1c3.png
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
    ESET2_zpsc701c045.png
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
    ESET4_zps0afafd0d.png
  • Click Start. (This scan can take several hours, so please be patient):
    ESET3_zpsccd1657d.png
  • Once the scan is completed, select List of found threats:
    ESET5_zpsd27be299.png
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
    ESET6_zpsc17d154e.png
  • Click the Back button.
  • Click the Finish button:
    ESET9_zps51587217.png
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)[/b]
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?
  • 1

Advertisements


#11
winks

winks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-01-2015
Ran by Darren at 2015-01-18 04:12:03 Run:1
Running from C:\Users\Darren\Desktop
Loaded Profiles: Darren (Available profiles: Darren)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Startup: C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
EmptyTemp:
*****************
 
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip => Moved successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Program Files (x86)\IObit Apps Toolbar\FF not found.
C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\extensions\[email protected] not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
EmptyTemp: => Removed 411.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 04:12:14 ====

  • 0

#12
winks

winks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015
Ran by Darren (administrator) on DARREN-PC on 18-01-2015 04:33:45
Running from C:\Users\Darren\Desktop
Loaded Profiles: Darren (Available profiles: Darren)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7660760 2015-01-16] (Realtek Semiconductor)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [2860856 2013-11-11] (Alcatel-Lucent)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2015-01-16] (Realtek Semiconductor)
HKLM-x32\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1802048 2014-10-13] (IObit)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-233057431-3032299918-2474818732-1000\...\Run: [MurGee.com Auto Keyboard] => c:\programdata\auto keyboard\autokeyboard.exe [80176 2014-09-17] (MurGee.com)
HKU\S-1-5-21-233057431-3032299918-2474818732-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2426144 2014-11-25] (IObit)
BootExecute: autocheck autochk * 搀渀挀氀攀愀渀㘀㐀⸀攀砀攀
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-233057431-3032299918-2474818732-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKU\S-1-5-21-233057431-3032299918-2474818732-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\Extensions\[email protected] [2014-12-09]
FF Extension: GPU Accelerated Flash Player - C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\Extensions\[email protected] [2014-10-01]
FF Extension: YouTube High Definition - C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-10-01]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\b46mwoxu.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Profile 2 -> hxxp://www.yahoo.co.uk/
CHR Profile: C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Drive) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-16]
CHR Extension: (YouTube) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-16]
CHR Extension: (Google Search) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-16]
CHR Extension: (Google Wallet) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-16]
CHR Extension: (Gmail) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
S3 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315240 2014-11-09] (Kingsoft Corporation)
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2014-08-14] (DTS)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-09-30] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-11-26] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-16] (REALiX™)
S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2014-11-09] (Kingsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
R3 cpuz137; \??\C:\Users\Darren\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-18 04:33 - 2015-01-18 04:34 - 00016784 _____ () C:\Users\Darren\Desktop\FRST.txt
2015-01-18 04:16 - 2015-01-18 04:27 - 00047473 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 04:14 - 2015-01-18 04:15 - 00000168 _____ () C:\Windows\setupact.log
2015-01-18 04:14 - 2015-01-18 04:14 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-18 04:13 - 2015-01-18 04:14 - 00295976 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-18 04:13 - 2015-01-18 04:13 - 00003902 _____ () C:\Windows\PFRO.log
2015-01-18 03:17 - 2015-01-18 03:17 - 00064416 _____ () C:\Users\Darren\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-17 14:42 - 2015-01-17 14:42 - 00000000 ____D () C:\Windows\ERUNT
2015-01-17 14:40 - 2015-01-17 14:40 - 01707939 _____ (Thisisu) C:\Users\Darren\Desktop\JRT.exe
2015-01-17 03:31 - 2015-01-18 04:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-17 03:31 - 2015-01-17 03:31 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-17 03:31 - 2015-01-17 03:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-17 03:31 - 2015-01-17 03:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-17 03:31 - 2015-01-17 03:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-17 03:31 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-17 03:31 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-17 03:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-17 02:53 - 2015-01-17 02:53 - 00000020 ___SH () C:\Users\Darren\ntuser.ini
2015-01-17 02:46 - 2015-01-17 02:46 - 02191360 _____ () C:\Users\Darren\Desktop\AdwCleaner.exe
2015-01-16 22:55 - 2015-01-16 22:55 - 71040000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-01-16 22:55 - 2015-01-16 22:55 - 14048512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 12967680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2015-01-16 22:55 - 2015-01-16 22:55 - 05234952 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 04263128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-01-16 22:55 - 2015-01-16 22:55 - 03186544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 02860760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 02827120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 01550528 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 01499984 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 01443340 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-01-16 22:55 - 2015-01-16 22:55 - 01411096 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 01353472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 01287384 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00995120 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00979280 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00959704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00922880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00856992 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00629464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00451096 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00366104 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00326680 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00326680 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00303776 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2015-01-16 22:55 - 2015-01-16 22:55 - 00096568 _____ () C:\Windows\system32\audioLibVc.dll
2015-01-16 22:50 - 2015-01-16 22:50 - 00942808 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-01-16 22:50 - 2015-01-16 22:50 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-01-16 22:45 - 2015-01-16 22:45 - 00026528 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2015-01-16 22:30 - 2015-01-16 22:31 - 00032010 _____ () C:\Users\Darren\Downloads\Addition.txt
2015-01-16 22:30 - 2015-01-16 22:31 - 00028441 _____ () C:\Users\Darren\Downloads\FRST.txt
2015-01-16 22:28 - 2015-01-18 04:33 - 00000000 ____D () C:\FRST
2015-01-16 22:28 - 2015-01-18 04:10 - 02126336 _____ (Farbar) C:\Users\Darren\Desktop\FRST64.exe
2015-01-16 16:59 - 2015-01-16 16:59 - 00066460 _____ () C:\Users\Darren\Downloads\Extras.Txt
2015-01-16 16:58 - 2015-01-16 16:58 - 00072572 _____ () C:\Users\Darren\Downloads\OTL.Txt
2015-01-16 16:53 - 2015-01-16 16:53 - 00602112 _____ (OldTimer Tools) C:\Users\Darren\Downloads\OTL.exe
2015-01-16 14:30 - 2015-01-16 14:30 - 00000000 __SHD () C:\Users\Darren\AppData\Local\EmieUserList
2015-01-16 14:30 - 2015-01-16 14:30 - 00000000 __SHD () C:\Users\Darren\AppData\Local\EmieSiteList
2015-01-16 14:30 - 2015-01-16 14:30 - 00000000 __SHD () C:\Users\Darren\AppData\Local\EmieBrowserModeList
2015-01-13 18:50 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 18:50 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 18:50 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 18:50 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 18:50 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 18:49 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 18:49 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 18:49 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 18:49 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 18:49 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 18:49 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 18:49 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 18:49 - 2014-12-11 17:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-08 00:22 - 2015-01-08 00:22 - 17528608 _____ (IObit) C:\Users\Darren\Downloads\iobituninstaller.exe
2014-12-26 10:38 - 2014-12-13 10:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-26 10:38 - 2014-12-13 10:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-26 10:38 - 2014-12-13 10:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-26 10:38 - 2014-10-09 17:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-12-26 10:38 - 2014-10-09 17:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-12-26 10:38 - 2014-10-09 07:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2014-12-24 10:50 - 2014-12-24 10:52 - 00000000 ____D () C:\Users\Darren\Documents\Heroes of the Storm
2014-12-24 07:53 - 2014-12-24 07:53 - 00001189 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2014-12-24 07:53 - 2014-12-24 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2014-12-24 07:49 - 2015-01-14 13:39 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2014-12-21 03:01 - 2014-12-21 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-12-21 02:45 - 2014-11-22 10:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-21 02:45 - 2014-11-22 10:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-12-21 02:45 - 2014-11-22 10:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-18 04:22 - 2009-07-14 04:45 - 00023376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-18 04:22 - 2009-07-14 04:45 - 00023376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-18 04:15 - 2014-12-09 05:54 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-18 04:14 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-18 04:04 - 2014-09-26 06:54 - 00000000 ____D () C:\Program Files (x86)\Hearthstone Deck Tracker
2015-01-18 04:04 - 2014-08-14 12:09 - 00000000 ____D () C:\Users\Darren\AppData\Local\Battle.net
2015-01-18 03:59 - 2014-12-09 05:54 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-18 03:25 - 2014-08-14 10:47 - 00000000 ____D () C:\Users\Darren\AppData\Local\Deployment
2015-01-17 14:08 - 2014-12-03 18:38 - 00000000 ____D () C:\ProgramData\yNihBy
2015-01-17 14:08 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\security
2015-01-17 04:10 - 2014-11-30 19:43 - 00002109 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-01-17 02:53 - 2014-08-13 17:51 - 00000000 ____D () C:\Users\Darren
2015-01-17 02:50 - 2014-12-09 05:42 - 00000000 ____D () C:\AdwCleaner
2015-01-16 22:57 - 2014-12-09 06:49 - 00002074 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-01-16 22:57 - 2014-08-14 18:27 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-01-16 22:56 - 2014-08-14 17:30 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-01-16 22:50 - 2011-06-10 05:34 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2015-01-16 22:47 - 2014-08-13 17:59 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-16 22:45 - 2014-12-09 06:49 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2015-01-16 22:45 - 2014-12-09 06:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2015-01-16 22:44 - 2014-08-14 14:20 - 00765280 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-16 22:44 - 2009-07-14 05:13 - 00765280 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 02:32 - 2014-12-05 16:41 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-01-14 18:00 - 2014-12-09 05:55 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-14 13:38 - 2014-08-20 03:01 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-01-13 20:54 - 2014-08-14 10:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 20:51 - 2014-08-14 10:35 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 06:07 - 2014-08-19 17:56 - 00000000 ____D () C:\Users\Darren\AppData\Roaming\Ventrilo
2015-01-10 06:00 - 2014-09-11 19:15 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Public Test
2015-01-08 00:16 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-01 10:04 - 2014-10-31 03:50 - 00002038 _____ () C:\Users\Darren\Desktop\Sequeencesone.lua
2014-12-31 11:14 - 2014-08-14 10:04 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-26 10:40 - 2014-11-18 15:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-26 10:30 - 2009-07-14 05:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-24 10:50 - 2014-08-14 12:09 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-12-21 02:52 - 2014-08-14 18:31 - 00001236 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-12-20 10:52 - 2014-08-30 08:05 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
 
==================== Files in the root of some directories =======
2014-10-24 04:31 - 2014-10-24 04:32 - 0000122 _____ () C:\Users\Darren\AppData\Roaming\burnaware.ini
2014-09-12 00:15 - 2014-10-18 05:05 - 0007600 _____ () C:\Users\Darren\AppData\Local\Resmon.ResmonCfg
2014-08-14 17:30 - 2014-08-14 17:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-24 13:19 - 2014-09-02 20:11 - 0000205 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-17 03:22
 
==================== End Of Log ============================

  • 0

#13
winks

winks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
C:\Users\All Users\yNihBy\dat\jiLsOpj.dll a variant of MSIL/Adware.PullUpdate.K.gen application
C:\AdwCleaner\Quarantine\C\ProgramData\Browser\prompt.exe.vir a variant of MSIL/Adware.PullUpdate.H application cleaned by deleting - quarantined
C:\Program Files (x86)\Hearthranger_v.1.1.0\HearthRanger\HearthRanger.exe a variant of MSIL/Packed.Confuser.N potentially unwanted application deleted - quarantined
C:\ProgramData\yNihBy\dat\jiLsOpj.dll a variant of MSIL/Adware.PullUpdate.K.gen application cleaned by deleting - quarantined
C:\Users\Darren\Downloads\setup.exe Win32/Systweak.K potentially unwanted application deleted - quarantined
C:\Users\Darren\Downloads\speedfan-setup.exe a variant of Win32/DownloadAdmin.H potentially unwanted application deleted - quarantined

  • 0

#14
winks

winks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Ok I think thats all of it 

As for the last question

Pc is fine and runs ok once it gets going its the starting it up thats a pain

From the moment i hit the on button till i can do anything on pc takes around 4-5 minutes which is way slower than

it used to be. Get the little loading circle as cursor alot 


  • 0

#15
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hey, :)
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    C:\ProgramData\yNihBy
    C:\Program Files (x86)\Hearthranger_v.1.1.0
    C:\Users\All Users\yNihBy
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.)and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Still problems?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP