Infected - 0x24000 [Solved]


  • This topic is locked

#1
0x24000

  • Member
  • 34 posts

Hi,

From what I understand, this is a forum which helps remove malware. Due to my carelessness, I think I've infected myself with some adware. I've done my best to remove what I can, but I understand that simply removing the symptoms doesn't mean anything. I need peace of mind from an expert to make sure that my machine is 300% clean.

Please assist me. I'm under a great deal of stress right now.

My online alias is 0x24000 in case you need to address me somehow. From here on out, I will follow each and every instruction you give me to assure a clean machine. Thanks for your time! :^)

I just read the other thread about how to prepare this thread, so I'm running an OTL scan right now and will post it as soon as I finish.

...and here we gooo.

OTL logfile created on: 1/19/2015 11:39:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dissident \Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17498)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.89 Gb Total Physical Memory | 5.64 Gb Available Physical Memory | 71.46% Memory free
9.14 Gb Paging File | 6.96 Gb Available in Paging File | 76.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.01 Gb Total Space | 158.17 Gb Free Space | 56.69% Space Free | Partition Type: NTFS
Drive D: | 398.07 Gb Total Space | 397.93 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
 
Computer Name: DISSIDENT | User Name: Dissident  | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/19 23:39:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dissident \Downloads\OTL.exe
PRC - [2015/01/19 10:50:28 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
PRC - [2015/01/13 11:02:58 | 000,338,032 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/06/26 07:44:06 | 000,535,304 | ---- | M] (ESET) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2014/06/26 07:44:02 | 000,358,144 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2014/05/02 13:27:58 | 001,784,165 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\ScreenCloud.exe
PRC - [2014/02/05 01:32:47 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/02/05 01:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/01/21 16:41:26 | 000,817,440 | ---- | M] () -- C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
PRC - [2013/09/23 12:29:48 | 000,019,256 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2013/08/29 16:11:08 | 019,646,544 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2013/08/19 17:35:26 | 000,055,368 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2013/08/16 14:29:08 | 000,183,408 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
PRC - [2013/07/23 09:54:34 | 000,602,936 | ---- | M] (ASUS) -- C:\Program Files\ASUS\P4G\InsOnWMI.exe
PRC - [2013/07/23 09:54:34 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files\ASUS\P4G\InsOnSrv.exe
PRC - [2013/05/31 13:30:40 | 000,368,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/05/31 13:30:06 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2013/05/31 13:30:06 | 000,131,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2013/05/30 14:17:48 | 000,205,624 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2013/05/29 17:11:48 | 000,303,928 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2013/05/21 09:50:34 | 000,406,328 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2013/03/08 15:18:34 | 000,095,192 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2013/01/15 16:20:54 | 000,107,320 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012/05/28 10:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2011/11/21 14:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/19 10:50:27 | 016,844,464 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll
MOD - [2015/01/13 11:02:57 | 003,925,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/06/26 07:44:02 | 000,358,144 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
MOD - [2014/05/03 11:41:10 | 010,188,997 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\libPythonQt.dll
MOD - [2014/05/02 13:27:58 | 001,784,165 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\ScreenCloud.exe
MOD - [2014/03/30 10:13:44 | 001,863,207 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\libpython2.7.dll
MOD - [2014/03/30 10:13:44 | 001,000,974 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\libstdc++-6.dll
MOD - [2014/03/30 10:13:44 | 000,645,632 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\QxtGui.dll
MOD - [2014/03/30 10:13:44 | 000,445,440 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\QxtCore.dll
MOD - [2014/03/30 10:13:44 | 000,350,080 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\libquazip.dll
MOD - [2014/03/30 10:13:44 | 000,112,142 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\libgcc_s_dw2-1.dll
MOD - [2014/03/04 06:35:23 | 000,014,280 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2014/01/21 16:41:26 | 000,817,440 | ---- | M] () -- C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
MOD - [2014/01/21 16:41:25 | 000,149,792 | ---- | M] () -- C:\Program Files\Plantronics\GameCom 780 & 788\VMixPLGC.dll
MOD - [2013/08/19 17:16:48 | 000,015,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
MOD - [2013/08/16 10:03:12 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
MOD - [2013/05/25 20:23:16 | 002,056,351 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_ssl.pyd
MOD - [2013/05/25 20:23:16 | 000,343,741 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_socket.pyd
MOD - [2013/05/25 20:23:16 | 000,223,899 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_winreg.pyd
MOD - [2013/05/25 20:23:16 | 000,159,818 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\zlib.pyd
MOD - [2013/05/25 20:23:16 | 000,113,692 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_struct.pyd
MOD - [2013/05/25 20:23:16 | 000,108,774 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\time.pyd
MOD - [2013/05/25 20:23:16 | 000,089,086 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_random.pyd
MOD - [2013/05/25 20:23:16 | 000,086,445 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\select.pyd
MOD - [2013/05/25 20:23:14 | 001,396,270 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_hashlib.pyd
MOD - [2013/05/25 20:23:14 | 000,238,902 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_io.pyd
MOD - [2013/05/25 20:23:14 | 000,149,688 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\math.pyd
MOD - [2013/05/25 20:23:14 | 000,128,525 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\itertools.pyd
MOD - [2013/05/25 20:23:14 | 000,117,282 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_json.pyd
MOD - [2013/05/25 20:23:14 | 000,112,919 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\operator.pyd
MOD - [2013/05/25 20:23:14 | 000,093,110 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_heapq.pyd
MOD - [2013/05/25 20:23:14 | 000,090,550 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\_locale.pyd
MOD - [2013/05/25 20:23:12 | 000,655,558 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_ctypes.pyd
MOD - [2013/05/25 20:23:12 | 000,286,073 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\datetime.pyd
MOD - [2013/05/25 20:23:12 | 000,201,987 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_collections.pyd
MOD - [2013/05/25 20:23:12 | 000,094,371 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\cStringIO.pyd
MOD - [2013/05/25 20:23:12 | 000,087,626 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\_functools.pyd
MOD - [2013/05/25 20:23:10 | 000,120,766 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\array.pyd
MOD - [2013/05/25 20:23:10 | 000,104,921 | ---- | M] () -- C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\binascii.pyd
MOD - [2010/03/24 20:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/12/05 17:35:00 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/10/30 20:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/09/21 19:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/21 19:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/08/15 19:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/08/15 16:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/08/15 16:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/07/23 23:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/05/21 15:12:44 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/05/21 15:12:44 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/05/21 15:09:59 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/03/18 02:13:26 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/03/18 02:13:25 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/03/18 02:13:20 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/03/18 02:13:18 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/03/18 02:13:18 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/03/18 02:13:14 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/02/05 01:32:24 | 016,941,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/08/22 03:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 03:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 03:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 03:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 03:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 02:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 02:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 01:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 01:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 01:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 01:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 01:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 01:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 01:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 01:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/07/31 00:32:12 | 000,092,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyLpmService.exe -- (DptfPolicyLpmService)
SRV:64bit: - [2013/07/31 00:32:10 | 000,100,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService)
SRV:64bit: - [2013/07/31 00:32:10 | 000,084,568 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyCriticalService.exe -- (DptfPolicyCriticalService)
SRV:64bit: - [2013/07/31 00:32:10 | 000,083,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService)
SRV:64bit: - [2013/07/23 09:54:34 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files\ASUS\P4G\InsOnSrv.exe -- (ASUS InstantOn)
SRV:64bit: - [2013/05/11 17:45:54 | 000,822,232 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/05/11 17:45:38 | 000,733,696 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2015/01/19 10:50:28 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/13 11:02:58 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/08/15 19:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/05/21 15:09:59 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/02/05 01:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/10/01 12:02:42 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/08/21 19:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 18:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/05/31 13:30:40 | 000,368,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/05/31 13:30:06 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2013/05/31 13:30:06 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2013/01/15 16:20:54 | 000,107,320 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012/12/18 22:10:38 | 000,072,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe -- (Asus WebStorage Windows Service)
SRV - [2011/11/21 14:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/19 19:43:39 | 000,043,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2015/01/19 19:29:41 | 000,035,064 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2014/12/11 16:51:20 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2014/10/12 18:43:17 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/10/12 18:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/10/12 18:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/09 17:58:57 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/09/21 19:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/21 19:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/21 18:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/09/04 19:27:52 | 000,160,424 | ---- | M] (Razer Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2014/09/04 19:27:52 | 000,039,592 | ---- | M] (Razer Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2014/08/14 16:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/07/24 07:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/07/24 07:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/07/24 03:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/05/21 15:12:44 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/05/21 15:12:44 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/05/21 15:12:44 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/05/01 05:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/03/18 02:13:19 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/03/18 02:13:15 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/03/18 02:13:02 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/03/18 02:13:01 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/03/18 02:13:01 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/03/18 02:13:00 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/03/18 02:13:00 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/03/18 02:13:00 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/03/18 01:45:41 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014/03/04 06:35:23 | 000,033,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/12/27 10:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/10/08 14:43:42 | 001,327,104 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PLTGC.sys -- (PlantronicsGC)
DRV:64bit: - [2013/10/01 12:02:30 | 004,177,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/09/23 12:30:02 | 000,070,416 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2013/08/25 19:50:52 | 000,449,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/08/22 14:51:12 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/08/22 14:51:12 | 000,026,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/08/22 05:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 05:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 04:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 04:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 04:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 04:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 04:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 04:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 04:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 04:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 04:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 04:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 04:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 04:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 04:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 04:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 04:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 04:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 04:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 04:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 04:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 04:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 04:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 04:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 04:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 04:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 04:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 04:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 04:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 03:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013/08/22 03:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 03:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 03:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 03:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 03:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 03:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 03:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 03:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 03:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 03:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 03:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 03:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 03:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 03:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 03:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 03:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 03:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 03:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 03:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 03:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 00:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 15:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 16:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/31 00:32:08 | 000,200,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfManager.sys -- (DptfManager)
DRV:64bit: - [2013/07/31 00:32:08 | 000,120,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevProc.sys -- (DptfDevProc)
DRV:64bit: - [2013/07/31 00:32:08 | 000,057,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevPch.sys -- (DptfDevPch)
DRV:64bit: - [2013/07/30 10:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 11:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/24 07:02:55 | 000,034,816 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2013/07/23 09:54:34 | 000,014,136 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Program Files\ASUS\P4G\PLCTRL.sys -- (plctrl)
DRV:64bit: - [2013/06/18 06:45:02 | 003,680,256 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athw8x.sys -- (athr)
DRV:64bit: - [2013/06/14 00:21:12 | 000,824,536 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/05/31 13:30:06 | 000,099,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/05/02 17:54:08 | 000,677,360 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/04/17 16:53:10 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2013/03/08 01:12:52 | 000,460,872 | ---- | M] (RTS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPer.sys -- (RTSPER)
DRV:64bit: - [2012/08/01 19:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012/05/30 19:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV - [2011/09/07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.co...utputEncoding?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:2.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/05/19 16:44:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dissident \AppData\Roaming\Mozilla\Extensions
[2015/01/19 17:53:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dissident \AppData\Roaming\Mozilla\Firefox\Profiles\tys9uhyk.default\extensions
[2015/01/14 15:25:15 | 000,985,112 | ---- | M] () (No name found) -- C:\Users\Dissident \AppData\Roaming\Mozilla\Firefox\Profiles\tys9uhyk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/10/29 18:12:11 | 000,304,000 | ---- | M] () (No name found) -- C:\Users\Dissident \AppData\Roaming\Mozilla\Firefox\Profiles\tys9uhyk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2015/01/13 11:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/13 11:02:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\DISSIDENT \APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TYS9UHYK.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
 
Hosts file not found
O2:64bit: - BHO: (no name) - {1dcad05e-3fa6-4427-890b-ec506e2df1e7} - No CLSID value found.
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysNative\DptfPolicyLpmServiceHelper.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [GamecomSound] C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\WINDOWS\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ScreenCloud] C:\Program Files (x86)\ScreenCloud\ScreenCloud.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.65.16.254 129.65.21.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C52EEE0C-310E-4079-9D24-5B40AAF2173C}: DhcpNameServer = 129.65.16.254 129.65.21.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\WINDOWS\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b209d076-7809-11e4-bea2-bcee7b28bc31}\Shell - "" = AutoRun
O33 - MountPoints2\{b209d076-7809-11e4-bea2-bcee7b28bc31}\Shell\AutoRun\command - "" = "F:\LaunchU3.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/19 23:21:16 | 000,000,000 | ---D | C] -- C:\Users\Dissident \AppData\Local\CrashDumps
[2015/01/19 23:05:58 | 000,000,000 | ---D | C] -- C:\Users\Dissident \AppData\Roaming\DAEMON Tools Lite
[2015/01/19 23:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2015/01/19 22:59:45 | 000,000,000 | ---D | C] -- C:\Users\Dissident \AppData\Roaming\PowerISO
[2015/01/19 22:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2015/01/19 19:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2015/01/19 18:13:33 | 000,079,064 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\qfymyel.sys
[2015/01/19 18:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2015/01/19 18:01:21 | 000,000,000 | ---D | C] -- C:\Users\Dissident \AppData\Roaming\9-lab
[2015/01/19 18:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
[2015/01/19 18:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\9-lab
[2015/01/19 18:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\9-lab
[2015/01/19 17:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2015/01/19 17:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft
[2015/01/19 17:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Adware-Removal-Tool
[2015/01/19 17:33:22 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/01/19 17:30:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2015/01/19 17:10:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\unaisales
[2015/01/19 17:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\unissalEEs
[2015/01/13 11:02:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/19 23:38:15 | 000,042,497 | ---- | M] () -- C:\Users\Dissident \Documents\24kpwn.jpeg
[2015/01/19 23:22:33 | 000,863,592 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015/01/19 23:22:33 | 000,737,308 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015/01/19 23:22:33 | 000,138,088 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015/01/19 23:17:06 | 000,000,062 | ---- | M] () -- C:\Users\Dissident \AppData\Roaming\sp_data.sys
[2015/01/19 23:16:58 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/01/19 23:15:18 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\AutoKMS.job
[2015/01/19 23:14:53 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/01/19 23:14:53 | 2479,214,591 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/19 22:45:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/01/19 19:43:39 | 000,043,664 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\hitmanpro37.sys
[2015/01/19 19:29:41 | 000,035,064 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\TrueSight.sys
[2015/01/19 19:14:56 | 000,001,274 | ---- | M] () -- C:\WINDOWS\SysNative\.crusader
[2015/01/19 18:24:18 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/19 18:13:33 | 000,079,064 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\qfymyel.sys
[2015/01/19 17:45:18 | 000,097,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2015/01/11 14:42:30 | 000,094,551 | ---- | M] () -- C:\Users\Dissident \Documents\LitIllustrator.jpg
[2015/01/07 15:29:02 | 000,132,193 | ---- | M] () -- C:\Users\Dissident \Documents\StBFKy0.gif
[2014/12/31 18:34:30 | 000,012,302 | ---- | M] () -- C:\Users\Dissident \Documents\y9EiLZzX.jpeg
[2014/12/30 19:44:20 | 000,060,992 | ---- | M] () -- C:\Users\Dissident \Documents\61234_155724814450268_127115763977840_357389_1457229_n.jpg
[2014/12/30 19:43:28 | 000,015,076 | ---- | M] () -- C:\Users\Dissident \Documents\tumblr_n7kt6fgsua1su7t4wo1_250_1147.jpg
[2014/12/30 19:41:06 | 000,108,544 | ---- | M] () -- C:\Users\Dissident \Documents\SW-White-Gluz-Saffer-3-583x388.jpg
[2014/12/30 19:35:11 | 000,566,038 | ---- | M] () -- C:\Users\Dissident \Documents\cCDutMy.png
[2014/12/30 19:35:08 | 000,404,569 | ---- | M] () -- C:\Users\Dissident \Documents\Wez33GZ.png
[2014/12/30 12:33:59 | 000,111,162 | ---- | M] () -- C:\Users\Dissident \Documents\Froggy.jpg
[2014/12/27 11:52:23 | 000,009,172 | ---- | M] () -- C:\Users\Dissident \Documents\Circles.gif
[2014/12/25 23:42:21 | 000,041,050 | ---- | M] () -- C:\Users\Dissident \Documents\s6N2Y7H.png
[2014/12/25 23:39:52 | 000,797,271 | ---- | M] () -- C:\Users\Dissident \Documents\First Time Blue Skin Rengar - Pentakill.png
[2014/12/21 23:08:11 | 000,799,804 | ---- | M] () -- C:\Users\Dissident \Documents\Yasuo Game The First Good One.png
[2014/12/21 12:58:51 | 000,004,939 | ---- | M] () -- C:\Users\Dissident \Documents\cannabisbutton.png
 
========== Files Created - No Company Name ==========
 
[2015/01/19 23:38:15 | 000,042,497 | ---- | C] () -- C:\Users\Dissident \Documents\24kpwn.jpeg
[2015/01/19 19:43:39 | 000,043,664 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\hitmanpro37.sys
[2015/01/19 19:29:41 | 000,035,064 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\TrueSight.sys
[2015/01/19 19:14:56 | 000,001,274 | ---- | C] () -- C:\WINDOWS\SysNative\.crusader
[2015/01/19 10:51:21 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/01/11 14:42:29 | 000,094,551 | ---- | C] () -- C:\Users\Dissident \Documents\LitIllustrator.jpg
[2015/01/07 15:29:01 | 000,132,193 | ---- | C] () -- C:\Users\Dissident \Documents\StBFKy0.gif
[2014/12/31 18:34:30 | 000,012,302 | ---- | C] () -- C:\Users\Dissident \Documents\y9EiLZzX.jpeg
[2014/12/30 19:44:20 | 000,060,992 | ---- | C] () -- C:\Users\Dissident \Documents\61234_155724814450268_127115763977840_357389_1457229_n.jpg
[2014/12/30 19:43:28 | 000,015,076 | ---- | C] () -- C:\Users\Dissident \Documents\tumblr_n7kt6fgsua1su7t4wo1_250_1147.jpg
[2014/12/30 19:41:06 | 000,108,544 | ---- | C] () -- C:\Users\Dissident \Documents\SW-White-Gluz-Saffer-3-583x388.jpg
[2014/12/30 19:35:11 | 000,566,038 | ---- | C] () -- C:\Users\Dissident \Documents\cCDutMy.png
[2014/12/30 19:35:07 | 000,404,569 | ---- | C] () -- C:\Users\Dissident \Documents\Wez33GZ.png
[2014/12/30 12:33:58 | 000,111,162 | ---- | C] () -- C:\Users\Dissident \Documents\Froggy.jpg
[2014/12/27 11:52:23 | 000,009,172 | ---- | C] () -- C:\Users\Dissident \Documents\Circles.gif
[2014/12/25 23:42:21 | 000,041,050 | ---- | C] () -- C:\Users\Dissident \Documents\s6N2Y7H.png
[2014/12/25 23:39:51 | 000,797,271 | ---- | C] () -- C:\Users\Dissident \Documents\First Time Blue Skin Rengar - Pentakill.png
[2014/12/21 23:08:11 | 000,799,804 | ---- | C] () -- C:\Users\Dissident \Documents\Yasuo Game The First Good One.png
[2014/12/21 12:58:51 | 000,004,939 | ---- | C] () -- C:\Users\Dissident \Documents\cannabisbutton.png
[2014/12/15 12:54:58 | 000,021,840 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntfNT.dll
[2014/12/15 12:54:58 | 000,017,212 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntf32.dll
[2014/12/15 12:54:58 | 000,012,067 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntf16.dll
[2014/12/14 23:51:05 | 000,000,415 | ---- | C] () -- C:\WINDOWS\PLTGC.ini.cfl
[2014/12/14 23:50:58 | 000,004,024 | ---- | C] () -- C:\WINDOWS\PLTGC.ini.cfg
[2014/12/14 23:50:58 | 000,000,714 | ---- | C] () -- C:\WINDOWS\PLTGC.ini.imi
[2014/12/14 23:50:58 | 000,000,498 | ---- | C] () -- C:\WINDOWS\PLTGC.ini
[2014/09/04 08:49:37 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2014/09/04 08:49:37 | 000,000,034 | ---- | C] () -- C:\WINDOWS\SysWow64\BD2040.DAT
[2014/05/21 14:18:24 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/05/19 16:38:42 | 000,000,062 | ---- | C] () -- C:\Users\Dissident \AppData\Roaming\sp_data.sys
[2014/03/18 02:13:28 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/03/18 02:13:03 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/10/01 12:02:30 | 000,303,104 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013/10/01 12:02:26 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013/10/01 12:02:26 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/09/26 22:34:29 | 000,004,362 | ---- | C] () -- C:\WINDOWS\SysWow64\DptfInvalidPolicyRemover.ini
[2013/08/22 07:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 07:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 06:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/21 23:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 19:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 15:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 15:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/05/11 17:17:52 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll
[2013/05/01 01:34:24 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2013/05/01 01:34:24 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2013/05/01 01:34:24 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS
 
========== ZeroAccess Check ==========
 
[2015/01/19 21:43:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/30 16:15:33 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/30 14:59:13 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 01:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 18:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 01:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015/01/19 18:01:21 | 000,000,000 | ---D | M] -- C:\Users\Dissident \AppData\Roaming\9-lab
[2014/05/19 16:40:31 | 000,000,000 | ---D | M] -- C:\Users\Dissident \AppData\Roaming\ASUS WebStorage
[2014/05/19 18:14:14 | 000,000,000 | ---D | M] -- C:\Users\Dissident \AppData\Roaming\Curse
[2014/05/19 19:13:43 | 000,000,000 | ---D | M] -- C:\Users\Dissident \AppData\Roaming\Curse Client
[2015/01/19 23:10:19 | 000,000,000 | ---D | M] -- C:\Users\Dissident \AppData\Roaming\DAEMON Tools Lite
[2014/05/19 17:48:31 | 000,000,000 | ---D | M] -- C:\Users\Dissident \AppData\Roaming\LolClient
[2014/11/12 01:18:30 | 000,000,000 | ---D | M] -- C:\Users\Dissident \AppData\Roaming\Notepad++
[2015/01/19 22:59:45 | 000,000,000 | ---D | M] -- C:\Users\Dissident \AppData\Roaming\PowerISO
[2014/05/19 16:43:03 | 000,000,000 | ---D | M] -- C:\Users\Dissident \AppData\Roaming\Riot Games
[2014/05/21 19:30:08 | 000,000,000 | ---D | M] -- C:\Users\Dissident \AppData\Roaming\TeamViewer
[2015/01/19 23:13:57 | 000,000,000 | ---D | M] -- C:\Users\Dissident \AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
 


Edited by 0x24000, 20 January 2015 - 01:54 AM.

  • 0



#2
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 



- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or by PMing a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop -

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the Downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally, Before We Start -

Removing malware is a complicated, multi-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

OK, let's get started. Since you are using Windows 8/8.1 we need to use a different scanner. Please do the following.

 

Step#1 - FRST Scan
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
6. Please copy and paste the log back here.
7. Another log (Addition.txt, also located in the same directory as FRST64.exe) will be generated. Please also paste that along with the FRST.txt into your reply.

 


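The scan in Step 1 produces FRST.txt and Addition.txt, which the helper reads by eye. As an added example for this thread (not code from FRST, from Geeks to Go or from either poster), the Python script below does a first pass over an FRST.txt automatically and flags the lines a helper usually looks at first: FRST's own `<======= ATTENTION` markers, service and driver binaries marked `[File not signed]`, registry entries whose target is gone (`No File`), binaries with an empty publisher field, and autostart entries (Run keys, MountPoints2) that launch from a removable drive or a user-writable location. The line-format regexes are assumptions about how FRST prints entries in logs like the one posted later in this thread, the list of "user-writable" launch locations is a heuristic chosen here rather than an FRST rule, and the sample log is constructed for the demo.

```python
"""Triage an FRST.txt (Farbar Recovery Scan Tool) log for common red flags.

Added example for this thread; it is not code from FRST, Geeks to Go or the
posters. The regexes below are assumptions about FRST's line format as it
appears in logs like the one in this thread, and the list of "user-writable"
launch locations is a heuristic chosen here, not an FRST rule.
"""
from __future__ import annotations

import re
import sys
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Finding:
    line_no: int   # 1-based line number in the log
    reason: str    # why the line was flagged
    text: str      # the log line itself


# FRST's own marker for entries it wants the helper to look at.
ATTENTION = re.compile(r"<=+\s*ATTENTION")
# FRST appends this when a service/driver binary has no Authenticode signature.
NOT_SIGNED = re.compile(r"\[File not signed\]")
# Registry entry whose target binary is gone (orphan left by an uninstall or cleanup).
NO_FILE = re.compile(r"\bNo File\b")
# Trailing "[size date] (Publisher)" that FRST prints after an executable path.
# An empty "()" or "( )" means the binary carries no company name in its version info.
FILE_META = re.compile(
    r"\[\d+ \d{4}-\d{2}-\d{2}\] \((?P<pub>[^)]*)\)(?: \[File not signed\])?\s*$"
)
# Service/driver lines: "R2 Name; C:\path\file.exe [size date] (Publisher)"
SVC_DRV = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<path>[A-Za-z]:\\.*?) \[")
# Autostart entries: Run keys and MountPoints2 (autorun from a mounted drive).
RUN_KEY = re.compile(r"\\Run: \[(?P<name>[^\]]*)\] => (?P<cmd>.+)$")
MOUNTPOINT = re.compile(r"MountPoints2: \{[0-9a-fA-F-]+\} - (?P<cmd>.+)$")
# Launch locations that rarely host legitimate persistence (assumption: Windows
# lives on C:, so any other drive letter is treated as removable or secondary).
USER_WRITABLE = re.compile(
    r'^"?(?:'
    r"[D-Z]:\\"                                    # non-system drive letter
    r"|[A-Za-z]:\\Users\\[^\\]+\\AppData\\"        # per-user AppData
    r"|[A-Za-z]:\\Users\\[^\\]+\\(?:Downloads|Desktop|Documents)\\"
    r"|[A-Za-z]:\\ProgramData\\"                   # machine-wide but user-writable
    r")",
    re.IGNORECASE,
)


def triage(lines: Iterable[str]) -> list[Finding]:
    """Return one Finding per (line, reason); a line can be flagged more than once."""
    findings: list[Finding] = []
    for no, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line:
            continue
        reasons: list[str] = []
        if ATTENTION.search(line):
            reasons.append("FRST flagged this entry (ATTENTION)")
        if NOT_SIGNED.search(line):
            reasons.append("service/driver binary is not Authenticode-signed")
        if NO_FILE.search(line):
            reasons.append("registry entry points to a missing file (orphan)")
        meta = FILE_META.search(line)
        if meta is not None and not meta.group("pub").strip():
            reasons.append("binary has no publisher/company name")
        svc = SVC_DRV.match(line)
        if svc is not None and USER_WRITABLE.match(svc.group("path")):
            reasons.append("service/driver loads from a user-writable location")
        for pat in (RUN_KEY, MOUNTPOINT):
            m = pat.search(line)
            if m is not None and USER_WRITABLE.match(m.group("cmd")):
                reasons.append("autostart launches from a removable drive or user-writable path")
        findings.extend(Finding(no, reason, line) for reason in reasons)
    return findings


# Constructed sample in FRST's format (not a real log): a mix of benign OEM/Microsoft
# entries and lines that should trip the rules above. SIDs and GUIDs are made up.
SAMPLE_LOG = r"""
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-20] (Realtek Semiconductor)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [Updater] => C:\Users\alice\AppData\Roaming\updsvc\upd.exe [212992 2015-01-19] ()
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\MountPoints2: {00000000-1111-2222-3333-444444444444} - "F:\LaunchU3.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: No Name -> {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee} ->  No File
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R2 hlpsvc; C:\ProgramData\hlp\hlpsvc.exe [40960 2015-01-19] (Example Corp)
""".strip("\n")


def main(argv: list[str]) -> None:
    if len(argv) > 1:  # assumes FRST wrote the log as UTF-8, with or without a BOM
        with open(argv[1], encoding="utf-8-sig", errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_LOG.splitlines()
    for f in triage(lines):
        print(f"line {f.line_no:>5}: {f.reason}\n             {f.text}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python frst_triage.py FRST.txt` against a saved log, or with no argument to see it work on the built-in sample. Every hit is a lead, not a verdict: an unsigned OEM service, a driver whose version info simply lacks a company name, or an anti-malware tool's randomly named driver will trip the same rules as a real infection, so each flagged line still has to be checked by hand against the rest of the log.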

#3
0x24000

    Member

  • Topic Starter
  • 34 posts

FRST.txt Log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Dissident  (administrator) on DISSIDENT on 20-01-2015 09:30:57
Running from C:\Users\Dissident \Desktop
Loaded Profiles: Dissident  (Available profiles: Dissident )
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
() C:\Program Files (x86)\ScreenCloud\ScreenCloud.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x64__8wekyb3d8bbwe\glcnd.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-07-31] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe [817440 2014-01-21] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-18] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2761190101-3978823051-44143618-1002\...\Run: [ScreenCloud] => C:\Program Files (x86)\ScreenCloud\ScreenCloud.exe [1784165 2014-05-02] ()
HKU\S-1-5-21-2761190101-3978823051-44143618-1002\...\MountPoints2: {b209d076-7809-11e4-bea2-bcee7b28bc31} - "F:\LaunchU3.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\S-1-5-21-2761190101-3978823051-44143618-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {1dcad05e-3fa6-4427-890b-ec506e2df1e7} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 129.65.16.254 129.65.21.254

FireFox:
========
FF ProfilePath: C:\Users\Dissident \AppData\Roaming\Mozilla\Firefox\Profiles\tys9uhyk.default
FF DefaultSearchEngine: Google
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: Adblock Plus - C:\Users\Dissident \AppData\Roaming\Mozilla\Firefox\Profiles\tys9uhyk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-19]
FF Extension: Greasemonkey - C:\Users\Dissident \AppData\Roaming\Mozilla\Firefox\Profiles\tys9uhyk.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-07-30]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-07-23] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-07-31] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-07-31] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-07-31] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-07-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-23] (ASUS Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-07-31] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-07-31] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-07-31] (Intel Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-01-19] ()
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
U0 kiwkd; C:\Windows\System32\drivers\unkjbp.sys [79064 2015-01-20] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-31] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 PlantronicsGC; C:\Windows\system32\drivers\PLTGC.sys [1327104 2013-10-08] (C-Media Electronics Inc)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-07-23] (Windows ® Win 7 DDK provider)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [460872 2013-03-08] (RTS Corporation)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-09-04] (Razer Inc)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-19] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 09:30 - 2015-01-20 09:31 - 00016507 _____ () C:\Users\Dissident \Desktop\FRST.txt
2015-01-20 09:30 - 2015-01-20 09:31 - 00000000 ____D () C:\FRST
2015-01-20 09:30 - 2015-01-20 09:30 - 02126848 _____ (Farbar) C:\Users\Dissident \Desktop\FRST64.exe
2015-01-20 00:44 - 2015-01-20 00:44 - 00000000 ____D () C:\ProgramData\Steam
2015-01-20 00:43 - 2015-01-20 00:43 - 00000000 ____D () C:\Users\Dissident \Documents\My Games
2015-01-20 00:43 - 2015-01-20 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yaiba Ninja Gaiden Z
2015-01-20 00:43 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2015-01-20 00:43 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2015-01-20 00:43 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2015-01-20 00:43 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2015-01-20 00:43 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2015-01-20 00:43 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2015-01-20 00:43 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2015-01-20 00:38 - 2015-01-20 00:43 - 00000000 ____D () C:\Program Files (x86)\Yaiba Ninja Gaiden Z
2015-01-20 00:30 - 2015-01-20 00:30 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\unkjbp.sys
2015-01-20 00:06 - 2015-01-20 00:33 - 00000000 ____D () C:\Users\Dissident \Downloads\Yaiba Ninja Gaiden Z_RePack by SEYTER
2015-01-19 23:47 - 2015-01-19 23:47 - 00127790 _____ () C:\Users\Dissident \Downloads\OTL.Txt
2015-01-19 23:47 - 2015-01-19 23:47 - 00062306 _____ () C:\Users\Dissident \Downloads\Extras.Txt
2015-01-19 23:39 - 2015-01-19 23:39 - 00602112 _____ (OldTimer Tools) C:\Users\Dissident \Downloads\OTL.exe
2015-01-19 23:38 - 2015-01-19 23:38 - 00042497 _____ () C:\Users\Dissident \Documents\24kpwn.jpeg
2015-01-19 23:21 - 2015-01-19 23:21 - 00000000 ____D () C:\Users\Dissident \AppData\Local\CrashDumps
2015-01-19 23:20 - 2015-01-19 23:20 - 01707939 _____ (Thisisu) C:\Users\Dissident \Downloads\JRT.exe
2015-01-19 23:15 - 2015-01-20 09:14 - 00000308 _____ () C:\WINDOWS\setupact.log
2015-01-19 23:15 - 2015-01-19 23:15 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-19 23:14 - 2015-01-19 23:14 - 00002506 _____ () C:\WINDOWS\PFRO.log
2015-01-19 23:12 - 2015-01-19 23:12 - 02186752 _____ () C:\Users\Dissident \Downloads\AdwCleaner(1).exe
2015-01-19 23:05 - 2015-01-19 23:10 - 00000000 ____D () C:\Users\Dissident \AppData\Roaming\DAEMON Tools Lite
2015-01-19 23:05 - 2015-01-19 23:10 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-19 22:59 - 2015-01-19 22:59 - 00000000 ____D () C:\Users\Dissident \AppData\Roaming\PowerISO
2015-01-19 22:55 - 2015-01-19 22:55 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2015-01-19 22:54 - 2015-01-19 22:54 - 01640984 _____ () C:\Users\Dissident \Downloads\SetupVirtualCloneDrive5470.exe
2015-01-19 21:42 - 2015-01-19 21:43 - 00000000 ____D () C:\Users\Dissident \Downloads\Microsoft Toolkit 2.3.2 For Office 2010 and Windows [h33t][iahq76]
2015-01-19 21:05 - 2015-01-20 09:23 - 00128245 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-19 19:49 - 2015-01-19 19:49 - 02186752 _____ () C:\Users\Dissident \Downloads\AdwCleaner.exe
2015-01-19 19:43 - 2015-01-19 19:43 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-01-19 19:29 - 2015-01-19 19:29 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-01-19 19:29 - 2015-01-19 19:29 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-19 19:14 - 2015-01-19 19:14 - 00001274 _____ () C:\WINDOWS\system32\.crusader
2015-01-19 18:13 - 2015-01-19 18:13 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\qfymyel.sys
2015-01-19 18:05 - 2015-01-19 18:05 - 02347384 _____ (ESET) C:\Users\Dissident \Downloads\esetsmartinstaller_enu.exe
2015-01-19 18:05 - 2015-01-19 18:05 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-19 18:01 - 2015-01-19 18:37 - 00000000 ____D () C:\Program Files\9-lab
2015-01-19 18:01 - 2015-01-19 18:01 - 00000000 ____D () C:\Users\Dissident \AppData\Roaming\9-lab
2015-01-19 18:01 - 2015-01-19 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2015-01-19 18:01 - 2015-01-19 18:01 - 00000000 ____D () C:\ProgramData\9-lab
2015-01-19 17:45 - 2015-01-19 17:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-19 17:40 - 2015-01-19 19:21 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-01-19 17:40 - 2015-01-19 17:40 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2015-01-19 17:39 - 2015-01-19 17:39 - 00753184 _____ () C:\Users\Dissident \Downloads\Adware-Removal-Tool-v3.9.1.exe
2015-01-19 17:33 - 2015-01-19 23:14 - 00000000 ____D () C:\AdwCleaner
2015-01-19 17:33 - 2015-01-19 17:33 - 02186752 _____ () C:\Users\Dissident \Downloads\adwcleaner_4.108.exe
2015-01-19 17:30 - 2015-01-19 17:30 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-19 17:28 - 2015-01-19 17:28 - 00038152 _____ () C:\Users\Dissident \Downloads\Result.txt
2015-01-19 17:26 - 2015-01-19 23:34 - 00000090 _____ () C:\Users\Dissident \Documents\BleepingComputer.txt
2015-01-19 17:10 - 2015-01-19 19:14 - 00000000 ____D () C:\Program Files (x86)\unissalEEs
2015-01-19 17:10 - 2015-01-19 19:14 - 00000000 ____D () C:\Program Files (x86)\unaisales
2015-01-19 10:51 - 2015-01-20 00:45 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-19 10:51 - 2015-01-19 10:51 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-14 12:23 - 2014-12-18 22:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 12:23 - 2014-12-11 18:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 12:23 - 2014-12-08 17:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 12:23 - 2014-12-05 19:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 12:23 - 2014-12-05 17:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 12:23 - 2014-10-28 17:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 12:23 - 2014-10-28 17:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-14 12:22 - 2014-12-11 16:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 12:22 - 2014-12-08 11:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 12:22 - 2014-12-08 11:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 12:22 - 2014-12-08 11:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 12:22 - 2014-12-08 11:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 12:22 - 2014-12-08 11:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 12:22 - 2014-12-08 11:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 12:22 - 2014-12-08 11:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 12:22 - 2014-12-08 11:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 12:22 - 2014-12-05 17:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 12:22 - 2014-10-28 20:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 12:22 - 2014-10-28 20:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 12:22 - 2014-10-28 19:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 12:22 - 2014-10-28 19:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 12:22 - 2014-10-28 19:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 12:22 - 2014-10-28 19:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 12:22 - 2014-10-28 19:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 12:22 - 2014-10-28 19:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 12:22 - 2014-10-28 19:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 12:22 - 2014-10-28 19:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 12:22 - 2014-10-28 19:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 12:22 - 2014-10-28 18:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 12:22 - 2014-10-28 17:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 12:22 - 2014-10-28 17:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-13 11:02 - 2015-01-13 11:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-11 13:56 - 2012-03-06 02:09 - 00000000 ____D () C:\Users\Dissident \Downloads\Fort Minor - We Major Limited Edition (DatPiff.com)
2015-01-11 01:16 - 2015-01-11 01:16 - 513687476 _____ () C:\Users\Dissident \Downloads\Rebel%20Era.zip
2015-01-11 01:16 - 2015-01-11 01:16 - 172096120 _____ () C:\Users\Dissident \Downloads\GRIZ%20-%20MAD%20LIBERATION%20ALBUM.zip
2015-01-11 01:13 - 2015-01-11 01:21 - 153601768 _____ () C:\Users\Dissident \Downloads\Itsu - Sublimate - 2012 - FLAC.zip
2015-01-02 21:58 - 2015-01-02 21:58 - 00000054 _____ () C:\Users\Dissident \Documents\Music.txt
2015-01-01 13:08 - 2015-01-01 13:08 - 00000000 ____D () C:\Users\Dissident \Downloads\Youre.Next.2011.720p.BRRip.AC3.x264-WEEDMADE[et]
2015-01-01 12:48 - 2015-01-01 12:48 - 00000000 ____D () C:\Users\Dissident \Downloads\The.Guest.2014.HDRip.XviD.MP3-RARBG
2014-12-31 18:34 - 2014-12-31 18:34 - 00012302 _____ () C:\Users\Dissident \Documents\y9EiLZzX.jpeg
2014-12-26 18:47 - 2014-12-26 19:05 - 00000000 ____D () C:\Users\Dissident \Downloads\of Montreal
2014-12-26 00:16 - 2014-12-26 01:50 - 00000000 ____D () C:\Users\Dissident \Downloads\The Interview (2014) 720p WEBRip x264  - Detor
2014-12-24 23:03 - 2014-12-24 23:08 - 00000000 ____D () C:\Users\Dissident \Downloads\Neighbors (2014)
2014-12-24 23:00 - 2014-12-24 23:01 - 00000000 ____D () C:\Users\Dissident \Downloads\Radio Moscow - Magical Dirt (2014) [email protected] Beolab1700
2014-12-24 23:00 - 2014-12-24 23:01 - 00000000 ____D () C:\Users\Dissident \Downloads\Radio Moscow - 3 and 3 Quarters (2012)  [email protected] Beolab1700

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 09:19 - 2014-05-19 17:53 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2761190101-3978823051-44143618-1002
2015-01-20 09:15 - 2014-05-19 16:38 - 00000062 _____ () C:\Users\Dissident \AppData\Roaming\sp_data.sys
2015-01-20 09:13 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-20 00:47 - 2014-07-07 17:08 - 00000000 ____D () C:\Users\Dissident \AppData\Roaming\uTorrent
2015-01-20 00:46 - 2014-05-19 16:46 - 00000000 ____D () C:\Users\Dissident \AppData\Roaming\Skype
2015-01-20 00:30 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-01-20 00:23 - 2014-07-19 12:32 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-19 23:22 - 2014-03-18 02:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-19 23:15 - 2014-05-21 09:03 - 00000294 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2015-01-19 23:15 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-19 22:49 - 2014-05-28 15:01 - 00000000 ____D () C:\Users\Dissident \AppData\Roaming\vlc
2015-01-19 19:54 - 2014-06-04 13:43 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-19 17:45 - 2014-07-19 12:32 - 00097496 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-19 17:37 - 2013-08-22 05:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-19 17:13 - 2014-05-20 13:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-19 12:00 - 2014-01-04 12:21 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-01-19 12:00 - 2014-01-04 12:21 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-01-19 00:38 - 2014-10-14 18:59 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-01-15 07:52 - 2014-05-19 16:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-14 13:36 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-14 13:35 - 2014-05-20 02:15 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 13:31 - 2014-05-20 02:15 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-05 16:08 - 2013-08-22 07:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-05 16:08 - 2013-08-22 07:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-02 17:24 - 2014-01-04 11:57 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-02 10:54 - 2014-09-20 11:31 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-02 10:54 - 2014-05-19 16:46 - 00000000 ____D () C:\ProgramData\Skype
2014-12-31 03:14 - 2014-05-20 01:52 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======
2014-05-19 16:38 - 2015-01-20 09:15 - 0000062 _____ () C:\Users\Dissident \AppData\Roaming\sp_data.sys
2014-05-21 14:18 - 2014-05-21 14:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-05-01 01:34 - 2012-09-07 03:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-05-01 01:34 - 2009-07-22 02:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-05-01 01:34 - 2012-09-07 03:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\Dissident \AppData\Local\Temp\dllnt_dump.dll
C:\Users\Dissident \AppData\Local\Temp\Quarantine.exe
C:\Users\Dissident \AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-11 13:29

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Dissident  at 2015-01-20 09:31:39
Running from C:\Users\Dissident \Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2761190101-3978823051-44143618-1002\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.5 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0018 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.7 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5710.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.310 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.0.0.2023 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1550 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Plantronics® GameCom 780/788 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 3.20.0001 - Plantronics)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.16.614.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21224 - Realtek Semiconductor Corp.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
ScreenCloud (HKLM-x32\...\{CFD5745C-290C-4C48-AC2A-08F1E7B5796B}) (Version: 1.1.6 - Olav Sortland Thoresen)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (09/17/2013 1.0.0.186) (HKLM\...\D9E691DCEE7D3B9B7C62A7F5C2EAABBB9335DC9A) (Version: 09/17/2013 1.0.0.186 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Yaiba Ninja Gaiden Z, версия 1.0.0.0 (HKLM-x32\...\Yaiba Ninja Gaiden Z_is1) (Version: 1.0.0.0 - RePack by SEYTER)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2761190101-3978823051-44143618-1002_Classes\CLSID\{5F63E8CB-8F57-490A-97FE-62BC2F2A5EA4}\InprocServer32 -> No File Path

==================== Restore Points  =========================

02-01-2015 17:23:22 Removed JMP
10-01-2015 01:55:50 Scheduled Checkpoint
14-01-2015 13:30:08 Windows Update
19-01-2015 19:12:47 Checkpoint by HitmanPro

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00894ACE-AC8A-41B0-BB43-7B587FF97FA6} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {4FCCAD0E-B77D-4650-B446-56AFCD3EB224} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {60D4EE0C-EF7F-4958-B2A0-A44FEDA18FFC} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-09] ()
Task: {657EF7DB-7356-45A1-85D2-AFF9195ED7D6} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {6B8CF48A-3A0B-4C89-AF5B-9DF8D4DF97F3} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {878D25DA-9EC6-4B41-8222-BE08B158D0FE} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {A1FE3036-E2BD-4290-8C64-F383308A44FB} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-08-19] (ASUS)
Task: {A57D15B4-4EA8-46B5-945E-C6913DB0EE08} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-09-23] (AsusTek)
Task: {AE95E3B5-09A6-4FA2-8C97-38D3E6C91C0B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {C3547454-5053-4443-914C-B51B11AC9AB9} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-29] (ASUSTek Computer Inc.)
Task: {CBB99F41-A0F1-4097-90D6-2E0F7A15F738} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CD480DB0-19BD-4EA4-AF01-10D92469B42F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-19] (Adobe Systems Incorporated)
Task: {D6F02E04-6CF1-488A-9924-F34463A7256F} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-08-16] (ASUSTeK Computer Inc.)
Task: {E22E4FCD-716F-4EBD-8CD3-D666426278EC} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-07-23] (ASUS)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

==================== Loaded Modules (whitelisted) =============

2014-09-22 10:49 - 2014-09-22 10:49 - 00034304 _____ () C:\WINDOWS\System32\ssj2mlm.dll
2012-12-18 22:10 - 2012-12-18 22:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2013-12-10 07:13 - 2014-03-04 06:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-05-21 14:17 - 2014-03-04 05:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-07-23 09:54 - 2013-07-23 09:54 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2010-03-24 20:38 - 2010-03-24 20:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-12-14 23:51 - 2014-01-21 16:41 - 00817440 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
2014-05-02 13:27 - 2014-05-02 13:27 - 01784165 _____ () C:\Program Files (x86)\ScreenCloud\ScreenCloud.exe
2014-01-04 12:02 - 2013-05-31 13:30 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-08-19 17:16 - 2013-08-19 17:16 - 00015440 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-08-16 10:03 - 2013-08-16 10:03 - 00023040 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-12-14 23:51 - 2014-01-21 16:41 - 00149792 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\VmixPLGC.dll
2014-03-30 10:13 - 2014-03-30 10:13 - 00645632 _____ () C:\Program Files (x86)\ScreenCloud\QxtGui.dll
2014-03-30 10:13 - 2014-03-30 10:13 - 00350080 _____ () C:\Program Files (x86)\ScreenCloud\libquazip.dll
2014-03-30 10:13 - 2014-03-30 10:13 - 00112142 _____ () C:\Program Files (x86)\ScreenCloud\libgcc_s_dw2-1.dll
2014-03-30 10:13 - 2014-03-30 10:13 - 01000974 _____ () C:\Program Files (x86)\ScreenCloud\libstdc++-6.dll
2014-05-03 11:41 - 2014-05-03 11:41 - 10188997 _____ () C:\Program Files (x86)\ScreenCloud\libPythonQt.dll
2014-03-30 10:13 - 2014-03-30 10:13 - 00445440 _____ () C:\Program Files (x86)\ScreenCloud\QxtCore.dll
2014-03-30 10:13 - 2014-03-30 10:13 - 01863207 _____ () C:\Program Files (x86)\ScreenCloud\libpython2.7.dll
2013-05-25 20:23 - 2013-05-25 20:23 - 00159818 _____ () C:\Program Files (x86)\ScreenCloud\zlib.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00112919 _____ () C:\Program Files (x86)\ScreenCloud\operator.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00087626 _____ () C:\Program Files (x86)\ScreenCloud\_functools.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00090550 _____ () C:\Program Files (x86)\ScreenCloud\_locale.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 01396270 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_hashlib.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00149688 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\math.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00104921 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\binascii.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00089086 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_random.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00201987 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_collections.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00128525 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\itertools.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00093110 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_heapq.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00108774 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\time.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00113692 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_struct.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00094371 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\cStringIO.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00343741 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_socket.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 02056351 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_ssl.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00120766 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\array.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00086445 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\select.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00655558 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_ctypes.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00238902 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_io.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00286073 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\datetime.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00223899 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_winreg.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00117282 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_json.pyd
2014-02-04 17:31 - 2014-02-04 17:31 - 00113171 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 02396179 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00268307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00031251 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 11148307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 01248787 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00066579 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 02021395 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00100371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00240659 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00076307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00045587 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00060947 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00531475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00708627 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00114195 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00040467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00133139 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 01512467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00296979 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00054291 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00038419 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00189971 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00025619 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00091667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00067603 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00336403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00077331 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00016403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00146451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00733203 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00015891 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00022035 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00021523 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00030739 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00021011 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00063507 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00036883 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00017427 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00025619 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00024595 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00064531 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00291859 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00017939 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 01280019 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00018451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00344595 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00198675 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00027155 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 01371667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00013843 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00130579 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00168979 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00058899 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 01496083 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00019475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00013331 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00014355 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00014355 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00025619 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2015-01-13 11:02 - 2015-01-13 11:02 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-10 07:13 - 2014-03-04 06:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 20:17 - 2010-03-24 20:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2761190101-3978823051-44143618-500 - Administrator - Disabled)
Dissident  (S-1-5-21-2761190101-3978823051-44143618-1002 - Administrator - Enabled) => C:\Users\Dissident
Guest (S-1-5-21-2761190101-3978823051-44143618-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2015 00:46:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dissident)
Description: Activation of app Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/20/2015 00:31:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dissident)
Description: Activation of app Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/20/2015 00:22:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dissident)
Description: Activation of app Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (01/20/2015 00:40:49 AM) (Source: DCOM) (EventID: 10010) (User: Dissident)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/20/2015 00:40:19 AM) (Source: DCOM) (EventID: 10010) (User: Dissident)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/20/2015 00:39:49 AM) (Source: DCOM) (EventID: 10010) (User: Dissident)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/20/2015 00:39:19 AM) (Source: DCOM) (EventID: 10010) (User: Dissident)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/20/2015 00:38:49 AM) (Source: DCOM) (EventID: 10010) (User: Dissident)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/20/2015 00:38:19 AM) (Source: DCOM) (EventID: 10010) (User: Dissident)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/20/2015 00:34:13 AM) (Source: DCOM) (EventID: 10010) (User: Dissident)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/20/2015 00:23:09 AM) (Source: DCOM) (EventID: 10010) (User: Dissident)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/20/2015 00:22:39 AM) (Source: DCOM) (EventID: 10010) (User: Dissident)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/20/2015 00:18:21 AM) (Source: DCOM) (EventID: 10010) (User: Dissident)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================
Error: (01/20/2015 00:46:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dissident)
Description: Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader-2144927151

Error: (01/20/2015 00:31:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dissident)
Description: Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader-2144927151

Error: (01/20/2015 00:22:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dissident)
Description: Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader-2144927151


CodeIntegrity Errors:
===================================
  Date: 2015-01-19 21:38:42.227
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-16 12:55:53.252
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-05 15:25:04.199
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 19:28:28.951
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-15 13:20:52.635
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-14 20:28:02.555
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-30 11:32:48.008
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-29 11:26:17.442
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-25 00:08:14.219
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-19 21:56:10.839
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 22%
Total physical RAM: 8075.46 MB
Available physical RAM: 6251.54 MB
Total Pagefile: 9355.46 MB
Available Pagefile: 7563.58 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.01 GB) (Free:163.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:398.07 GB) (Free:397.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: DFCAAEF7)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4 BrianDrab (Trusted Helper, Malware Removal, 3,583 posts)

Thanks for the information. You were wise to get a second pair of eyes on it, as I do see remnants that need to be cleaned up. It looks like you may have run a bunch of tools before posting your topic. Some of these tools should not have been run without guidance from a helper. Can you tell me which of the following you actually ran?

 

RogueCleaner (if you ran this, please post the contents of any files beginning with RKreport in the same directory the tool was run from)
AdwCleaner (if you ran this, please post the contents of C:\AdwCleaner\AdwCleaner[S0].txt)
Hitmanpro (if you ran this and there is a log, please provide it)
ESET
9-lab
Adware-Removal-Tool

 

 

Step#1 - CKScanner
1. Download CKScanner by askey127 from here & save it to your Desktop.
2. Right-click on CKScanner.exe then click Run as Administrator to open. Allow if prompted.
3. Click Search For Files
4. When the cursor hourglass disappears, click Save List To File
5. A message box will verify the file saved
6. Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.



#5 0x24000 (Topic Starter, Member, 34 posts)


RogueCleaner (If you ran this please post the contents of any files that begin with RKreport that are in the same directory as the tool ran from )
AdwCleaner (If you ran this please post the contents of C:\AdwCleaner\AdwCleaner[S0].txt)
Hitmanpro (If you ran this and there is a log, please provide)
ESET
9-lab
Adware-Removal-Tool

 

If I had those logs, I'd provide them, but I think I removed them. If any of these tools need to be run in the future or after this post, let me know and I will provide the logs in the next update.

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\asus\atk package\atk hotkey\atkmsgctrl.exe
c:\users\dissident \downloads\projectzomboid build 27\media\sound\crackwood.ogg
c:\windows\prefetch\crack and setup.exe-93bb3681.pf
scanner sequence 3.CP.11.OXAPTZ
 ----- EOF -----

 

The crack and setup.exe was directly downloaded to my computer without permission.



#6 BrianDrab (Trusted Helper, Malware Removal, 3,583 posts)

OK, thanks for the info. There are signs in your logs of a possible cracked/illegal version of Office and/or Windows. Since this was done without your permission I'll be sure to remove any remnants of this. Let's get you cleaned up.
 
Step#1 - Warnings
 
The Dangers of P2P Programs
IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.
Here are some information sources about the dangers of P2P programs:
 
FBI - Peer to Peer Scams
USA Today Article on P2P Programs
File Sharing Infects 500,000 Computers
 
I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.
 
It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.
 
Please uninstall the following Peer-to-Peer program(s): uTorrent
 
 
CCleaner
I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.

 

 

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file (fixlist.txt, 1.15KB) and save it to the Desktop.
Note: it's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case, the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#3 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete, click on "Clean".
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#4 - JRT
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. After your machine is rebooted, please re-enable your antivirus.
8. Post the contents of JRT.txt into your next message.

 

Step#5 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see the question "Would you like to download latest Avast! virus definitions?", say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

Step#6 - Fresh Set of Logs
 
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post

1. FRST Fix Log
2. AdwCleaner log
3. Junkware log
4. Rootkit log
5. Fresh FRST and Addition logs

 


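
As an added example (not the helper's or FRST's own code), a Python script that reads the Fixlog.txt that Step#2 produces and reports which fixlist entries were removed, which were already absent, and which are still waiting on a reboot, so a helper can spot anything to re-check in the next reply. The sample log is constructed in the format FRST writes; every path, key and name in it is a placeholder.

```python
import re
from collections import Counter

# Constructed sample in the format FRST writes to Fixlog.txt after a fix run.
# Paths, keys and names are placeholders, not entries from any real machine.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\ExampleVendor: Policy restriction <======= ATTENTION
C:\Program Files (x86)\ExampleVendor
C:\WINDOWS\Tasks\ExampleTask.job
EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Policies\ExampleVendor" => Key deleted successfully.
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} => Key not found.

"C:\Program Files (x86)\ExampleVendor" directory move:

Could not move "C:\Program Files (x86)\ExampleVendor" directory. => Scheduled to move on reboot.

C:\WINDOWS\Tasks\ExampleTask.job => Moved successfully.
EmptyTemp: => Removed 462.9 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-20 20:52:56)<=

C:\Program Files (x86)\ExampleVendor => Is moved successfully.

==== End of Fixlog 20:52:56 ====
"""

# Each result line has the form "<subject> => <outcome>."; the "=> Result of
# Scheduled Files ..." banner starts with "=>" and is skipped separately.
RESULT_RE = re.compile(r"^(?P<subject>.+?) => (?P<outcome>.+?)\.?$")
QUOTED_RE = re.compile(r'"([^"]+)"')


def classify(outcome: str) -> str:
    """Map an FRST outcome phrase to a coarse status."""
    o = outcome.lower()
    if "scheduled" in o:
        return "deferred"       # e.g. "Scheduled to move on reboot"
    if "not found" in o:
        return "not_found"      # e.g. "Key not found", "File/Directory not found"
    if "successfully" in o or o.startswith("removed"):
        return "success"        # "... deleted/moved successfully", "Removed N MB temporary data"
    return "other"              # anything unexpected deserves a manual look


def target_of(subject: str) -> str:
    """Normalise the subject so a deferred move and its post-reboot result line match."""
    m = QUOTED_RE.search(subject)
    return (m.group(1) if m else subject).strip().lower()


def parse_fixlog(text: str):
    """Return (statuses, restore_point): final status per target, and whether a restore point was made."""
    statuses = {}
    restore_point = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=>"):
            continue
        if line == "Restore point was successfully created.":
            restore_point = True
            continue
        m = RESULT_RE.match(line)
        if m:
            # Later lines win, so a move "Scheduled ... on reboot" that is reported
            # "Is moved successfully" after the restart ends up as success.
            statuses[target_of(m.group("subject"))] = classify(m.group("outcome"))
    return statuses, restore_point


def summarize(text: str) -> dict:
    """Counts per status plus the targets a helper should re-check in the next reply."""
    statuses, restore_point = parse_fixlog(text)
    return {
        "restore_point": restore_point,
        "counts": dict(Counter(statuses.values())),
        "needs_attention": sorted(t for t, s in statuses.items() if s in ("deferred", "other")),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_FIXLOG)
    print("Restore point created:", report["restore_point"])
    for status, n in sorted(report["counts"].items()):
        print(f"{status:>12}: {n}")
    for target in report["needs_attention"]:
        print("re-check:", target)
```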

#7 0x24000 (Topic Starter, Member, 34 posts)

FRST Fix Log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Dissident  at 2015-01-20 20:51:09 Run:1
Running from C:\Users\Dissident \Desktop
Loaded Profiles: Dissident  (Available profiles: Dissident )
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKU\S-1-5-21-2761190101-3978823051-44143618-1002\...\MountPoints2: {b209d076-7809-11e4-bea2-bcee7b28bc31} - "F:\LaunchU3.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: No Name -> {1dcad05e-3fa6-4427-890b-ec506e2df1e7} ->  No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
C:\Program Files (x86)\Pando Networks
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
C:\Program Files\McAfee
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-01-19] ()
C:\WINDOWS\system32\drivers\hitmanpro37.sys
2015-01-20 00:47 - 2014-07-07 17:08 - 00000000 ____D () C:\Users\Dissident \AppData\Roaming\uTorrent
2015-01-19 23:15 - 2014-05-21 09:03 - 00000294 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2013-05-01 01:34 - 2012-09-07 03:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-05-01 01:34 - 2009-07-22 02:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-05-01 01:34 - 2012-09-07 03:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
EmptyTemp:




*****************

Restore point was successfully created.
"HKU\S-1-5-21-2761190101-3978823051-44143618-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b209d076-7809-11e4-bea2-bcee7b28bc31}" => Key deleted successfully.
HKCR\CLSID\{b209d076-7809-11e4-bea2-bcee7b28bc31} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dcad05e-3fa6-4427-890b-ec506e2df1e7}" => Key deleted successfully.
HKCR\CLSID\{1dcad05e-3fa6-4427-890b-ec506e2df1e7} => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.

"C:\Program Files (x86)\Pando Networks" directory move:

Could not move "C:\Program Files (x86)\Pando Networks" directory. => Scheduled to move on reboot.

HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected] => value deleted successfully.
"C:\Program Files\McAfee" => File/Directory not found.
hitmanpro37 => Service deleted successfully.
C:\WINDOWS\system32\drivers\hitmanpro37.sys => Moved successfully.
"C:\Users\Dissident \AppData\Roaming\uTorrent" => File/Directory not found.
C:\WINDOWS\Tasks\AutoKMS.job => Moved successfully.
C:\ProgramData\SetStretch.cmd => Moved successfully.
C:\ProgramData\SetStretch.exe => Moved successfully.
C:\ProgramData\SetStretch.VBS => Moved successfully.
EmptyTemp: => Removed 462.9 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-20 20:52:56)<=

C:\Program Files (x86)\Pando Networks => Is moved successfully.

==== End of Fixlog 20:52:56 ====

 

# AdwCleaner v4.108 - Report created 20/01/2015 at 20:57:57
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Dissident  - DISSIDENT
# Running from : C:\Users\Dissident \Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [1901 octets] - [19/01/2015 17:33:25]
AdwCleaner[R1].txt - [858 octets] - [19/01/2015 19:49:27]
AdwCleaner[R2].txt - [2224 octets] - [19/01/2015 23:13:01]
AdwCleaner[R3].txt - [1095 octets] - [20/01/2015 20:56:57]
AdwCleaner[S0].txt - [1873 octets] - [19/01/2015 17:36:03]
AdwCleaner[S1].txt - [918 octets] - [19/01/2015 19:51:15]
AdwCleaner[S2].txt - [2166 octets] - [19/01/2015 23:14:23]
AdwCleaner[S3].txt - [1017 octets] - [20/01/2015 20:57:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1077 octets] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Dissident  on Tue 01/20/2015 at 21:00:57.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Dissident \AppData\Roaming\mozilla\firefox\profiles\tys9uhyk.default\minidumps [172 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/20/2015 at 21:02:31.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-01-20 21:13:17
-----------------------------
21:13:17.475    OS Version: Windows x64 6.2.9200
21:13:17.475    Number of processors: 4 586 0x4501
21:13:17.475    ComputerName: DISSIDENT  UserName:
21:13:18.746    Initialize success
21:13:18.762    VM: initialized successfully
21:13:18.762    VM: Intel CPU supported
21:13:20.406    VM: disk I/O iaStorA.sys
21:13:40.719    AVAST engine defs: 15012001
21:14:12.991    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
21:14:12.993    Disk 0 Vendor: ST750LM022_HN-M750MBB 2AR20002 Size: 715404MB BusType: 11
21:14:13.304    Disk 0 MBR read successfully
21:14:13.305    Disk 0 MBR scan
21:14:13.310    Disk 0 unknown MBR code
21:14:13.315    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
21:14:13.403    Disk 0 scanning C:\WINDOWS\system32\drivers
21:14:33.429    Service scanning
21:15:00.974    Modules scanning
21:15:00.978    Disk 0 trace - called modules:
21:15:01.378    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
21:15:01.380    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0011451b060]
21:15:01.383    3 CLASSPNP.SYS[fffff80034b4827b] -> nt!IofCallDriver -> [0xffffe00112d9f500]
21:15:01.385    5 ACPI.sys[fffff800348657aa] -> nt!IofCallDriver -> [0xffffe00111f694a0]
21:15:01.388    7 ACPI.sys[fffff800348657aa] -> nt!IofCallDriver -> \Device\00000032[0xffffe00112bcd510]
21:15:01.726    AVAST engine scan C:\WINDOWS
21:15:04.061    AVAST engine scan C:\WINDOWS\system32
21:18:24.573    AVAST engine scan C:\WINDOWS\system32\drivers
21:18:39.823    AVAST engine scan C:\Users\Dissident
21:38:25.589    AVAST engine scan C:\ProgramData
21:39:03.308    Disk 0 statistics 4587795/0/0 @ 147.37 MB/s
21:39:03.312    Scan finished successfully
21:40:41.458    Disk 0 MBR has been saved successfully to "C:\Users\Dissident \Desktop\MBR.dat"
21:40:41.466    The log file has been saved successfully to "C:\Users\Dissident \Desktop\aswMBR.txt"


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Dissident  (administrator) on DISSIDENT on 20-01-2015 21:43:11
Running from C:\Users\Dissident \Desktop
Loaded Profiles: Dissident  (Available profiles: Dissident )
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
() C:\Program Files (x86)\ScreenCloud\ScreenCloud.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x64__8wekyb3d8bbwe\glcnd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AVAST Software) C:\Users\Dissident \Desktop\aswMBR.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-07-31] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe [817440 2014-01-21] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-18] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2761190101-3978823051-44143618-1002\...\Run: [ScreenCloud] => C:\Program Files (x86)\ScreenCloud\ScreenCloud.exe [1784165 2014-05-02] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\S-1-5-21-2761190101-3978823051-44143618-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 129.65.16.254 129.65.21.254

FireFox:
========
FF ProfilePath: C:\Users\Dissident \AppData\Roaming\Mozilla\Firefox\Profiles\tys9uhyk.default
FF DefaultSearchEngine: Google
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: Adblock Plus - C:\Users\Dissident \AppData\Roaming\Mozilla\Firefox\Profiles\tys9uhyk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-19]
FF Extension: Greasemonkey - C:\Users\Dissident \AppData\Roaming\Mozilla\Firefox\Profiles\tys9uhyk.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-07-30]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-07-23] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-07-31] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-07-31] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-07-31] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-07-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-23] (ASUS Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-07-31] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-07-31] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-07-31] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-31] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 PlantronicsGC; C:\Windows\system32\drivers\PLTGC.sys [1327104 2013-10-08] (C-Media Electronics Inc)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-07-23] (Windows ® Win 7 DDK provider)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [460872 2013-03-08] (RTS Corporation)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-09-04] (Razer Inc)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-19] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
U3 aswMBR; \??\C:\Users\DISSID~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\DISSID~1\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 21:40 - 2015-01-20 21:40 - 00002080 _____ () C:\Users\Dissident \Desktop\aswMBR.txt
2015-01-20 21:40 - 2015-01-20 21:40 - 00000512 _____ () C:\Users\Dissident \Desktop\MBR.dat
2015-01-20 21:05 - 2015-01-20 21:05 - 05198336 _____ (AVAST Software) C:\Users\Dissident \Desktop\aswMBR.exe
2015-01-20 21:02 - 2015-01-20 21:02 - 00000765 _____ () C:\Users\Dissident \Desktop\JRT.txt
2015-01-20 21:00 - 2015-01-20 21:00 - 01707939 _____ (Thisisu) C:\Users\Dissident \Desktop\JRT.exe
2015-01-20 20:56 - 2015-01-20 20:56 - 02186752 _____ () C:\Users\Dissident \Desktop\AdwCleaner.exe
2015-01-20 15:51 - 2015-01-20 15:51 - 00000328 _____ () C:\Users\Dissident \Desktop\ckfiles.txt
2015-01-20 15:50 - 2015-01-20 15:50 - 00468480 _____ () C:\Users\Dissident \Desktop\CKScanner.exe
2015-01-20 09:31 - 2015-01-20 09:32 - 00033923 _____ () C:\Users\Dissident \Desktop\Addition.txt
2015-01-20 09:30 - 2015-01-20 21:43 - 00016223 _____ () C:\Users\Dissident \Desktop\FRST.txt
2015-01-20 09:30 - 2015-01-20 21:43 - 00000000 ____D () C:\FRST
2015-01-20 09:30 - 2015-01-20 09:30 - 02126848 _____ (Farbar) C:\Users\Dissident \Desktop\FRST64.exe
2015-01-20 00:44 - 2015-01-20 00:44 - 00000000 ____D () C:\ProgramData\Steam
2015-01-20 00:43 - 2015-01-20 00:43 - 00000000 ____D () C:\Users\Dissident \Documents\My Games
2015-01-20 00:43 - 2015-01-20 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yaiba Ninja Gaiden Z
2015-01-20 00:43 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2015-01-20 00:43 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2015-01-20 00:43 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2015-01-20 00:43 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2015-01-20 00:43 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2015-01-20 00:43 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2015-01-20 00:43 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2015-01-20 00:38 - 2015-01-20 00:43 - 00000000 ____D () C:\Program Files (x86)\Yaiba Ninja Gaiden Z
2015-01-20 00:06 - 2015-01-20 00:33 - 00000000 ____D () C:\Users\Dissident \Downloads\Yaiba Ninja Gaiden Z_RePack by SEYTER
2015-01-19 23:47 - 2015-01-19 23:47 - 00127790 _____ () C:\Users\Dissident \Downloads\OTL.Txt
2015-01-19 23:47 - 2015-01-19 23:47 - 00062306 _____ () C:\Users\Dissident \Downloads\Extras.Txt
2015-01-19 23:39 - 2015-01-19 23:39 - 00602112 _____ (OldTimer Tools) C:\Users\Dissident \Downloads\OTL.exe
2015-01-19 23:38 - 2015-01-19 23:38 - 00042497 _____ () C:\Users\Dissident \Documents\24kpwn.jpeg
2015-01-19 23:21 - 2015-01-19 23:21 - 00000000 ____D () C:\Users\Dissident \AppData\Local\CrashDumps
2015-01-19 23:20 - 2015-01-19 23:20 - 01707939 _____ (Thisisu) C:\Users\Dissident \Downloads\JRT.exe
2015-01-19 23:15 - 2015-01-20 21:03 - 00001795 _____ () C:\WINDOWS\setupact.log
2015-01-19 23:15 - 2015-01-19 23:15 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-19 23:14 - 2015-01-20 20:58 - 00003428 _____ () C:\WINDOWS\PFRO.log
2015-01-19 23:12 - 2015-01-19 23:12 - 02186752 _____ () C:\Users\Dissident \Downloads\AdwCleaner(1).exe
2015-01-19 23:05 - 2015-01-19 23:10 - 00000000 ____D () C:\Users\Dissident \AppData\Roaming\DAEMON Tools Lite
2015-01-19 23:05 - 2015-01-19 23:10 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-19 22:59 - 2015-01-19 22:59 - 00000000 ____D () C:\Users\Dissident \AppData\Roaming\PowerISO
2015-01-19 22:55 - 2015-01-19 22:55 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2015-01-19 22:54 - 2015-01-19 22:54 - 01640984 _____ () C:\Users\Dissident \Downloads\SetupVirtualCloneDrive5470.exe
2015-01-19 21:42 - 2015-01-19 21:43 - 00000000 ____D () C:\Users\Dissident \Downloads\Microsoft Toolkit 2.3.2 For Office 2010 and Windows [h33t][iahq76]
2015-01-19 21:05 - 2015-01-20 20:58 - 00192946 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-19 19:49 - 2015-01-19 19:49 - 02186752 _____ () C:\Users\Dissident \Downloads\AdwCleaner.exe
2015-01-19 19:29 - 2015-01-19 19:29 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-01-19 19:29 - 2015-01-19 19:29 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-19 19:14 - 2015-01-19 19:14 - 00001274 _____ () C:\WINDOWS\system32\.crusader
2015-01-19 18:13 - 2015-01-19 18:13 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\qfymyel.sys
2015-01-19 18:05 - 2015-01-19 18:05 - 02347384 _____ (ESET) C:\Users\Dissident \Downloads\esetsmartinstaller_enu.exe
2015-01-19 18:05 - 2015-01-19 18:05 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-19 18:01 - 2015-01-19 18:37 - 00000000 ____D () C:\Program Files\9-lab
2015-01-19 18:01 - 2015-01-19 18:01 - 00000000 ____D () C:\Users\Dissident \AppData\Roaming\9-lab
2015-01-19 18:01 - 2015-01-19 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2015-01-19 18:01 - 2015-01-19 18:01 - 00000000 ____D () C:\ProgramData\9-lab
2015-01-19 17:45 - 2015-01-19 17:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-19 17:40 - 2015-01-19 19:21 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-01-19 17:40 - 2015-01-19 17:40 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2015-01-19 17:39 - 2015-01-19 17:39 - 00753184 _____ () C:\Users\Dissident \Downloads\Adware-Removal-Tool-v3.9.1.exe
2015-01-19 17:33 - 2015-01-20 20:57 - 00000000 ____D () C:\AdwCleaner
2015-01-19 17:33 - 2015-01-19 17:33 - 02186752 _____ () C:\Users\Dissident \Downloads\adwcleaner_4.108.exe
2015-01-19 17:30 - 2015-01-19 17:30 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-19 17:28 - 2015-01-19 17:28 - 00038152 _____ () C:\Users\Dissident \Downloads\Result.txt
2015-01-19 17:26 - 2015-01-19 23:34 - 00000090 _____ () C:\Users\Dissident \Documents\BleepingComputer.txt
2015-01-19 17:10 - 2015-01-19 19:14 - 00000000 ____D () C:\Program Files (x86)\unissalEEs
2015-01-19 17:10 - 2015-01-19 19:14 - 00000000 ____D () C:\Program Files (x86)\unaisales
2015-01-19 10:51 - 2015-01-20 09:45 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-19 10:51 - 2015-01-19 10:51 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-14 12:23 - 2014-12-18 22:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 12:23 - 2014-12-11 18:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 12:23 - 2014-12-08 17:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 12:23 - 2014-12-05 19:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 12:23 - 2014-12-05 17:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 12:23 - 2014-10-28 17:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 12:23 - 2014-10-28 17:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-14 12:22 - 2014-12-11 16:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 12:22 - 2014-12-08 11:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 12:22 - 2014-12-08 11:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 12:22 - 2014-12-08 11:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 12:22 - 2014-12-08 11:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 12:22 - 2014-12-08 11:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 12:22 - 2014-12-08 11:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 12:22 - 2014-12-08 11:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 12:22 - 2014-12-08 11:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 12:22 - 2014-12-05 17:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 12:22 - 2014-10-28 20:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 12:22 - 2014-10-28 20:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 12:22 - 2014-10-28 19:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 12:22 - 2014-10-28 19:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 12:22 - 2014-10-28 19:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 12:22 - 2014-10-28 19:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 12:22 - 2014-10-28 19:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 12:22 - 2014-10-28 19:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 12:22 - 2014-10-28 19:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 12:22 - 2014-10-28 19:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 12:22 - 2014-10-28 19:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 12:22 - 2014-10-28 18:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 12:22 - 2014-10-28 17:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 12:22 - 2014-10-28 17:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-13 11:02 - 2015-01-13 11:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-11 13:56 - 2012-03-06 02:09 - 00000000 ____D () C:\Users\Dissident \Downloads\Fort Minor - We Major Limited Edition (DatPiff.com)
2015-01-11 01:16 - 2015-01-11 01:16 - 513687476 _____ () C:\Users\Dissident \Downloads\Rebel%20Era.zip
2015-01-11 01:16 - 2015-01-11 01:16 - 172096120 _____ () C:\Users\Dissident \Downloads\GRIZ%20-%20MAD%20LIBERATION%20ALBUM.zip
2015-01-11 01:13 - 2015-01-11 01:21 - 153601768 _____ () C:\Users\Dissident \Downloads\Itsu - Sublimate - 2012 - FLAC.zip
2015-01-02 21:58 - 2015-01-02 21:58 - 00000054 _____ () C:\Users\Dissident \Documents\Music.txt
2015-01-01 13:08 - 2015-01-01 13:08 - 00000000 ____D () C:\Users\Dissident \Downloads\Youre.Next.2011.720p.BRRip.AC3.x264-WEEDMADE[et]
2015-01-01 12:48 - 2015-01-01 12:48 - 00000000 ____D () C:\Users\Dissident \Downloads\The.Guest.2014.HDRip.XviD.MP3-RARBG
2014-12-31 18:34 - 2014-12-31 18:34 - 00012302 _____ () C:\Users\Dissident \Documents\y9EiLZzX.jpeg
2014-12-26 18:47 - 2014-12-26 19:05 - 00000000 ____D () C:\Users\Dissident \Downloads\of Montreal
2014-12-26 00:16 - 2014-12-26 01:50 - 00000000 ____D () C:\Users\Dissident \Downloads\The Interview (2014) 720p WEBRip x264  - Detor
2014-12-24 23:03 - 2014-12-24 23:08 - 00000000 ____D () C:\Users\Dissident \Downloads\Neighbors (2014)
2014-12-24 23:00 - 2014-12-24 23:01 - 00000000 ____D () C:\Users\Dissident \Downloads\Radio Moscow - Magical Dirt (2014) [email protected] Beolab1700
2014-12-24 23:00 - 2014-12-24 23:01 - 00000000 ____D () C:\Users\Dissident \Downloads\Radio Moscow - 3 and 3 Quarters (2012)  [email protected] Beolab1700

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 21:39 - 2014-05-28 15:01 - 00000000 ____D () C:\Users\Dissident \AppData\Roaming\vlc
2015-01-20 21:39 - 2014-05-19 16:46 - 00000000 ____D () C:\Users\Dissident \AppData\Roaming\Skype
2015-01-20 21:05 - 2014-05-19 16:38 - 00000062 _____ () C:\Users\Dissident \AppData\Roaming\sp_data.sys
2015-01-20 21:03 - 2014-03-18 02:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-20 21:03 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-20 21:02 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-20 20:52 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-01-20 15:51 - 2014-01-04 12:21 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-01-20 15:51 - 2014-01-04 12:21 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-01-20 09:37 - 2014-05-19 17:53 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2761190101-3978823051-44143618-1002
2015-01-20 00:47 - 2014-07-07 17:08 - 00000000 ____D () C:\Users\Dissident \AppData\Roaming\uTorrent
2015-01-20 00:23 - 2014-07-19 12:32 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-19 19:54 - 2014-06-04 13:43 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-19 17:45 - 2014-07-19 12:32 - 00097496 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-19 17:37 - 2013-08-22 05:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-19 17:13 - 2014-05-20 13:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-19 00:38 - 2014-10-14 18:59 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-01-15 07:52 - 2014-05-19 16:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-14 13:36 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-14 13:35 - 2014-05-20 02:15 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 13:31 - 2014-05-20 02:15 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-05 16:08 - 2013-08-22 07:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-05 16:08 - 2013-08-22 07:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-02 17:24 - 2014-01-04 11:57 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-02 10:54 - 2014-09-20 11:31 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-02 10:54 - 2014-05-19 16:46 - 00000000 ____D () C:\ProgramData\Skype
2014-12-31 03:14 - 2014-05-20 01:52 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======
2014-05-19 16:38 - 2015-01-20 21:05 - 0000062 _____ () C:\Users\Dissident \AppData\Roaming\sp_data.sys
2014-05-21 14:18 - 2014-05-21 14:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Dissident \AppData\Local\Temp\Quarantine.exe
C:\Users\Dissident \AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-11 13:29

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Dissident  at 2015-01-20 21:43:30
Running from C:\Users\Dissident \Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2761190101-3978823051-44143618-1002\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.5 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0018 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.7 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5710.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.310 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.0.0.2023 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1550 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Plantronics® GameCom 780/788 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 3.20.0001 - Plantronics)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.16.614.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21224 - Realtek Semiconductor Corp.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
ScreenCloud (HKLM-x32\...\{CFD5745C-290C-4C48-AC2A-08F1E7B5796B}) (Version: 1.1.6 - Olav Sortland Thoresen)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (09/17/2013 1.0.0.186) (HKLM\...\D9E691DCEE7D3B9B7C62A7F5C2EAABBB9335DC9A) (Version: 09/17/2013 1.0.0.186 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Yaiba Ninja Gaiden Z, âåðñèÿ 1.0.0.0 (HKLM-x32\...\Yaiba Ninja Gaiden Z_is1) (Version: 1.0.0.0 - RePack by SEYTER)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2761190101-3978823051-44143618-1002_Classes\CLSID\{5F63E8CB-8F57-490A-97FE-62BC2F2A5EA4}\InprocServer32 -> No File Path

==================== Restore Points  =========================

02-01-2015 17:23:22 Removed JMP
10-01-2015 01:55:50 Scheduled Checkpoint
14-01-2015 13:30:08 Windows Update
19-01-2015 19:12:47 Checkpoint by HitmanPro
20-01-2015 20:51:11 Restore Point Created by FRST

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00894ACE-AC8A-41B0-BB43-7B587FF97FA6} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {1B71BF62-0E0B-4D15-9F07-209FC829988E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {38B8C3C1-DBCE-49D2-B1BD-2680AACDCFD8} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {4FCCAD0E-B77D-4650-B446-56AFCD3EB224} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {60D4EE0C-EF7F-4958-B2A0-A44FEDA18FFC} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-09] ()
Task: {6B8CF48A-3A0B-4C89-AF5B-9DF8D4DF97F3} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {A1FE3036-E2BD-4290-8C64-F383308A44FB} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-08-19] (ASUS)
Task: {A23B7FF5-DE25-400A-9E6A-F2F67CBB8165} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {A57D15B4-4EA8-46B5-945E-C6913DB0EE08} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-09-23] (AsusTek)
Task: {C3547454-5053-4443-914C-B51B11AC9AB9} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-29] (ASUSTek Computer Inc.)
Task: {CBB99F41-A0F1-4097-90D6-2E0F7A15F738} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CD480DB0-19BD-4EA4-AF01-10D92469B42F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-19] (Adobe Systems Incorporated)
Task: {D6F02E04-6CF1-488A-9924-F34463A7256F} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-08-16] (ASUSTeK Computer Inc.)
Task: {E22E4FCD-716F-4EBD-8CD3-D666426278EC} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-07-23] (ASUS)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-12-10 07:13 - 2014-03-04 06:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-05-21 14:17 - 2014-03-04 05:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-22 10:49 - 2014-09-22 10:49 - 00034304 _____ () C:\WINDOWS\System32\ssj2mlm.dll
2012-12-18 22:10 - 2012-12-18 22:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2013-07-23 09:54 - 2013-07-23 09:54 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 20:38 - 2010-03-24 20:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-14 23:51 - 2014-01-21 16:41 - 00817440 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
2014-05-02 13:27 - 2014-05-02 13:27 - 01784165 _____ () C:\Program Files (x86)\ScreenCloud\ScreenCloud.exe
2013-08-19 17:16 - 2013-08-19 17:16 - 00015440 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-08-16 10:03 - 2013-08-16 10:03 - 00023040 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-12-14 23:51 - 2014-01-21 16:41 - 00149792 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\VmixPLGC.dll
2014-03-30 10:13 - 2014-03-30 10:13 - 00645632 _____ () C:\Program Files (x86)\ScreenCloud\QxtGui.dll
2014-03-30 10:13 - 2014-03-30 10:13 - 00350080 _____ () C:\Program Files (x86)\ScreenCloud\libquazip.dll
2014-03-30 10:13 - 2014-03-30 10:13 - 00112142 _____ () C:\Program Files (x86)\ScreenCloud\libgcc_s_dw2-1.dll
2014-03-30 10:13 - 2014-03-30 10:13 - 01000974 _____ () C:\Program Files (x86)\ScreenCloud\libstdc++-6.dll
2014-05-03 11:41 - 2014-05-03 11:41 - 10188997 _____ () C:\Program Files (x86)\ScreenCloud\libPythonQt.dll
2014-03-30 10:13 - 2014-03-30 10:13 - 00445440 _____ () C:\Program Files (x86)\ScreenCloud\QxtCore.dll
2014-03-30 10:13 - 2014-03-30 10:13 - 01863207 _____ () C:\Program Files (x86)\ScreenCloud\libpython2.7.dll
2013-05-25 20:23 - 2013-05-25 20:23 - 00159818 _____ () C:\Program Files (x86)\ScreenCloud\zlib.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00112919 _____ () C:\Program Files (x86)\ScreenCloud\operator.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00087626 _____ () C:\Program Files (x86)\ScreenCloud\_functools.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00090550 _____ () C:\Program Files (x86)\ScreenCloud\_locale.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 01396270 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_hashlib.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00149688 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\math.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00104921 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\binascii.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00089086 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_random.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00201987 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_collections.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00128525 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\itertools.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00093110 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_heapq.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00108774 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\time.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00113692 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_struct.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00094371 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\cStringIO.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00343741 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_socket.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 02056351 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_ssl.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00120766 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\array.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00086445 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\select.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00655558 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_ctypes.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00238902 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_io.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00286073 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\datetime.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00223899 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_winreg.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00117282 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_json.pyd
2015-01-13 11:02 - 2015-01-13 11:02 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-10 07:13 - 2014-03-04 06:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 20:17 - 2010-03-24 20:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-04 12:02 - 2013-05-31 13:30 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2761190101-3978823051-44143618-500 - Administrator - Disabled)
Dissident  (S-1-5-21-2761190101-3978823051-44143618-1002 - Administrator - Enabled) => C:\Users\Dissident
Guest (S-1-5-21-2761190101-3978823051-44143618-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2015 09:33:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/20/2015 09:03:18 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]


System errors:
=============
Error: (01/20/2015 09:31:38 PM) (Source: DCOM) (EventID: 10010) (User: Dissident)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/20/2015 09:03:55 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (01/20/2015 09:33:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/20/2015 09:03:18 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]


CodeIntegrity Errors:
===================================
  Date: 2015-01-20 21:32:59.670
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-20 09:38:37.582
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-19 21:38:42.227
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-16 12:55:53.252
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-05 15:25:04.199
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 19:28:28.951
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-15 13:20:52.635
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-14 20:28:02.555
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-30 11:32:48.008
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-29 11:26:17.442
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 33%
Total physical RAM: 8075.46 MB
Available physical RAM: 5403.04 MB
Total Pagefile: 9355.46 MB
Available Pagefile: 6622.01 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.01 GB) (Free:163.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:398.07 GB) (Free:397.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: DFCAAEF7)

Partition: GPT Partition Type.

==================== End Of Log ============================


Edited by 0x24000, 20 January 2015 - 11:44 PM.

  • 0

#8
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thanks for the info. A little more to clean up and then some other scans to ensure nothing else is lurking about. Please do the following.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   998bytes   44 downloads
Note: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#2 - Security Check
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

 

Step#3 - Malwarebytes Scan

  • Please open Malwarebytes as I see you have it already installed.
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits, as shown below.
  • RootKitCheckBox.JPG
     
  • Click the Scan button at the top of the form and then click Scan Now.
    2.JPG
  • If anything is detected, there will be an Apply Actions button. Please click this.
  • Once the scan completes click the View detailed log link.
    3.JPG
  • Then click the Copy to clipboard button and paste into your next post.
    4.JPG

 

Step#4 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here.

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • 2.JPG
     
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • ThreatsFound.JPG
     
  • Then click the Copy to Clipboard link and paste this information into your next reply.
  • CopyToClipboard.JPG

     

     

  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 
Items for your next post

1. FRST Fix log

2. Security Check log

3. MBAM log
4. Contents of the ESET log file

 

 

 


  • 1

#9
0x24000

0x24000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Dissident  at 2015-01-21 12:45:35 Run:2
Running from C:\Users\Dissident \Desktop
Loaded Profiles: Dissident  (Available profiles: Dissident )
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
2015-01-19 21:42 - 2015-01-19 21:43 - 00000000 ____D () C:\Users\Dissident \Downloads\Microsoft Toolkit 2.3.2 For Office 2010 and Windows [h33t][iahq76]
2015-01-19 17:40 - 2015-01-19 19:21 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-01-19 18:01 - 2015-01-19 18:37 - 00000000 ____D () C:\Program Files\9-lab
2015-01-19 18:01 - 2015-01-19 18:01 - 00000000 ____D () C:\Users\Dissident \AppData\Roaming\9-lab
2015-01-19 18:01 - 2015-01-19 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2015-01-19 18:01 - 2015-01-19 18:01 - 00000000 ____D () C:\ProgramData\9-lab
2015-01-19 17:39 - 2015-01-19 17:39 - 00753184 _____ () C:\Users\Dissident \Downloads\Adware-Removal-Tool-v3.9.1.exe
Task: {00894ACE-AC8A-41B0-BB43-7B587FF97FA6} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
cmd: licensingdiag.exe -report %userprofile%\Desktop\results.txt -log %userprofile%\Desktop\repfiles.cab
EmptyTemp:


*****************

Restore point was successfully created.
"C:\Users\Dissident \Downloads\Microsoft Toolkit 2.3.2 For Office 2010 and Windows [h33t][iahq76]" => File/Directory not found.
C:\Program Files\Adware-Removal-Tool => Moved successfully.
C:\Program Files\9-lab => Moved successfully.
"C:\Users\Dissident \AppData\Roaming\9-lab" => File/Directory not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool => Moved successfully.
C:\ProgramData\9-lab => Moved successfully.
"C:\Users\Dissident \Downloads\Adware-Removal-Tool-v3.9.1.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{00894ACE-AC8A-41B0-BB43-7B587FF97FA6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00894ACE-AC8A-41B0-BB43-7B587FF97FA6}" => Key deleted successfully.
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.

=========  licensingdiag.exe -report %userprofile%\Desktop\results.txt -log %userprofile%\Desktop\repfiles.cab =========

The operation completed successfully.


========= End of CMD: =========

EmptyTemp: => Removed 675.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:46:14 ====

 

 Results of screen317's Security Check version 0.99.94  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     16.0.0.257  
 Mozilla Firefox (35.0)
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/21/2015
Scan Time: 12:51:58 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.21.10
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Dissident

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339644
Time Elapsed: 8 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

--

 

Doing the ESET scan right now.


Edited by 0x24000, 21 January 2015 - 03:20 PM.

  • 0

#10
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thanks for the update. Things are looking good. Can you post the contents of the Result.txt file that is on your desktop as well?


  • 1



#11
0x24000

0x24000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

<DiagReport>
<LicensingData>
  <ToolVersion>6.3.9600.16384</ToolVersion>
  <LicensingStatus>SL_LICENSING_STATUS_LICENSED</LicensingStatus>
  <LicensingStatusReason>0x00000000</LicensingStatusReason>
  <LocalGenuineState>SL_GEN_STATE_IS_GENUINE</LocalGenuineState>
  <LocalGenuineResultP>1</LocalGenuineResultP>
  <LastOnlineGenuineResult>0x00000000</LastOnlineGenuineResult>
  <GraceTimeMinutes>0</GraceTimeMinutes>
  <TotalGraceDays>0</TotalGraceDays>
  <ValidityExpiration></ValidityExpiration>
  <ActivePartialProductKey>27GBG</ActivePartialProductKey>
  <ActiveProductKeyPid2>00179-60980-76645-AAOEM</ActiveProductKeyPid2>
  <OSVersion>6.3.9600.2.00010300.0.0.101</OSVersion>
  <ProductName>Windows 8.1</ProductName>
  <ProcessorArchitecture>x64</ProcessorArchitecture>
  <EditionId>Core</EditionId>
  <BuildLab>9600.winblue_r3.140827-1500</BuildLab>
  <TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone>
  <ActiveSkuId>9e4b231b-3e45-41f4-967f-c914f178b6ac</ActiveSkuId>
  <ActiveSkuDescription>Windows® Operating System, OEM_DM channel</ActiveSkuDescription>
  <ProductUniquenessGroups>55c92734-d682-4d71-983e-d6ec3f16059f</ProductUniquenessGroups>
  <ActiveProductKeyPKeyId>bcc85813-a4f8-7edd-216d-06fc707dfcdd</ActiveProductKeyPKeyId>
  <ActiveProductKeyPidEx>06401-01796-098-076645-02-1033-9600.0000-1412014</ActiveProductKeyPidEx>
  <ActiveProductKeyChannel>OEM:DM</ActiveProductKeyChannel>
  <ActiveVolumeCustomerPid></ActiveVolumeCustomerPid>
  <OfflineInstallationId>377500606614321974793591818103785350050005230545407534425364805</OfflineInstallationId>
  <DomainJoined>false</DomainJoined>
  <ComputerSid>S-1-5-21-2761190101-3978823051-44143618</ComputerSid>
  <ProductLCID>1033</ProductLCID>
  <UserLCID>1033</UserLCID>
  <SystemLCID>1033</SystemLCID>
  <CodeSigning>SIGNED_INFO_PRS_SIGNED</CodeSigning>
  <ServiceAvailable>true</ServiceAvailable>
  <OemMarkerVersion></OemMarkerVersion>
  <OemId></OemId>
  <OemTableId></OemTableId>
  <Manufacturer>ASUSTeK COMPUTER INC.</Manufacturer>
  <Model>X550LB</Model>
  <InstallDate>20140521153633.000000-420</InstallDate>
</LicensingData>
<HealthCheck>
  <Result>PASS</Result>
  <TamperedItems></TamperedItems>
</HealthCheck>
<GenuineAuthz>
  <ServerProps>GenuineId=55c92734-d682-4d71-983e-d6ec3f16059f;OemId=A264;OptionalInfoId=t6Dix3g1HAS3JTxwHB3K8pLG0vulECyykXTfXjW3c1e+0DMKc4PzdY0Gs/SZTWdU;Pid=MCmQK+TwUbzYcwHYaHcv2WSFcibrIJz1vDiSI9UiKEw=;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;TimeStampServer=2014-05-19T14:55:54Z;</ServerProps>
</GenuineAuthz>
</DiagReport>

 

 

 

Still running the ESET lol. Going to take awhile.


  • 0

#12
0x24000

0x24000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5dbe4203419821429884facc84e2e421
# engine=22049
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-20 08:22:26
# local_time=2015-01-20 12:22:26 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 11960065 0 0
# scanned=189092
# found=10
# cleaned=10
# scan_time=3865
sh=B9A41B6B2CC08C924C65FD1D9243BF2352F83422 ft=1 fh=c71c00113ff8c156 vn="a variant of Win32/Toolbar.Montiera.Y potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Dissident \AppData\Local\StartPoint\startpoint\1.3.18.7\gboolejj.dll.vir"
sh=0C956D4D6A3D5FC39B0B0833BB06722478BD05DD ft=1 fh=a88130de96f1b7bb vn="a variant of Win32/Toolbar.Montiera.Q potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Dissident \AppData\Local\StartPoint\startpoint\1.3.18.7\startpoint.exe.vir"
sh=E54885522D699C3E1394948B7A5446E194D050C7 ft=1 fh=ec5fb98eba8a09cc vn="a variant of Win32/Toolbar.Montiera.R potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Dissident \AppData\Local\StartPoint\startpoint\1.3.18.7\startup.exe.vir"
sh=40CE0A58E99858007E5DCD0BB5BF6A122686A917 ft=1 fh=f92770b35775886c vn="Win32/Somoto.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dissident \AppData\Local\Microsoft\Windows\INetCache\IE\CLKP445V\BiTool[1].dll"
sh=61F74C06978FE43B09670252E8D465A360A84436 ft=1 fh=a34e2b594446e3d8 vn="Win32/Somoto.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dissident \AppData\Local\Microsoft\Windows\INetCache\IE\WH1VZHOP\setup[1].exe"
sh=40CE0A58E99858007E5DCD0BB5BF6A122686A917 ft=1 fh=f92770b35775886c vn="Win32/Somoto.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dissident \AppData\Local\Temp\bitool.dll"
sh=61F74C06978FE43B09670252E8D465A360A84436 ft=1 fh=a34e2b594446e3d8 vn="Win32/Somoto.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dissident \AppData\Local\Temp\nsm8294.tmp"
sh=A01CAE4A9C48BEB8A490C3E88CB03F9B95C31671 ft=1 fh=5c1219a5576ddaa1 vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dissident \AppData\Local\Temp\sp-downloader.exe"
sh=E750C443A83F9B135B499E7917C5A93120384BB3 ft=1 fh=4eedbac881d1fc72 vn="Win32/DownWare.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dissident \Downloads\DTLite4491-0356.exe"
sh=4BD3C4C36BF12121406CAF47D1F487E0DC5D3E8C ft=1 fh=0585296d087c6f3b vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dissident \Downloads\PowerISO6-x64.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5dbe4203419821429884facc84e2e421
# engine=22082
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-21 10:53:17
# local_time=2015-01-21 02:53:17 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 12098716 0 0
# scanned=185597
# found=0
# cleaned=0
# scan_time=5720
 


  • 0
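The two ESET Online Scanner logs above are the raw output the helper has to read through to decide whether anything is still live on the machine. As an added example (not part of this thread, and not ESET's or FRST's code), the script below parses that text format and summarises it: it checks the header's `found` count against the detection lines it actually parsed, groups detections by family, notes which SHA-1 hashes occur at more than one path, and buckets each path by where it sat (a `.vir` already isolated in AdwCleaner's quarantine, IE cache or Temp, or the Downloads folder). The field meanings (`sh`, `fh`, `vn`, `ac`, `fn`) and the header keys are my reading of the posted logs, not ESET documentation; the sample input is copied from the first log in this post.

```python
"""Parse ESET Online Scanner text logs and summarise the detections.

Added example for this thread (not ESET's or FRST's own code). Format as
inferred from the posted logs: '# key=value' header lines, then one detection
per line of key=value tokens (sh = SHA-1, fh = file hash, vn = detection name
plus action, ac = action code, fn = path). Field meanings are an assumption.
"""
import re
from collections import Counter, defaultdict

# Header and detection lines copied from the first ESET log in this thread.
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# engine=22049
# remove_checked=true
# archives_checked=false
# scanned=189092
# found=10
# cleaned=10
sh=B9A41B6B2CC08C924C65FD1D9243BF2352F83422 ft=1 fh=c71c00113ff8c156 vn="a variant of Win32/Toolbar.Montiera.Y potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Dissident \AppData\Local\StartPoint\startpoint\1.3.18.7\gboolejj.dll.vir"
sh=0C956D4D6A3D5FC39B0B0833BB06722478BD05DD ft=1 fh=a88130de96f1b7bb vn="a variant of Win32/Toolbar.Montiera.Q potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Dissident \AppData\Local\StartPoint\startpoint\1.3.18.7\startpoint.exe.vir"
sh=E54885522D699C3E1394948B7A5446E194D050C7 ft=1 fh=ec5fb98eba8a09cc vn="a variant of Win32/Toolbar.Montiera.R potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Dissident \AppData\Local\StartPoint\startpoint\1.3.18.7\startup.exe.vir"
sh=40CE0A58E99858007E5DCD0BB5BF6A122686A917 ft=1 fh=f92770b35775886c vn="Win32/Somoto.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dissident \AppData\Local\Microsoft\Windows\INetCache\IE\CLKP445V\BiTool[1].dll"
sh=61F74C06978FE43B09670252E8D465A360A84436 ft=1 fh=a34e2b594446e3d8 vn="Win32/Somoto.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dissident \AppData\Local\Microsoft\Windows\INetCache\IE\WH1VZHOP\setup[1].exe"
sh=40CE0A58E99858007E5DCD0BB5BF6A122686A917 ft=1 fh=f92770b35775886c vn="Win32/Somoto.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dissident \AppData\Local\Temp\bitool.dll"
sh=61F74C06978FE43B09670252E8D465A360A84436 ft=1 fh=a34e2b594446e3d8 vn="Win32/Somoto.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dissident \AppData\Local\Temp\nsm8294.tmp"
sh=A01CAE4A9C48BEB8A490C3E88CB03F9B95C31671 ft=1 fh=5c1219a5576ddaa1 vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dissident \AppData\Local\Temp\sp-downloader.exe"
sh=E750C443A83F9B135B499E7917C5A93120384BB3 ft=1 fh=4eedbac881d1fc72 vn="Win32/DownWare.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dissident \Downloads\DTLite4491-0356.exe"
sh=4BD3C4C36BF12121406CAF47D1F487E0DC5D3E8C ft=1 fh=0585296d087c6f3b vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dissident \Downloads\PowerISO6-x64.exe"
'''

# key=value or key="value with spaces"; group 2 is the quoted form, group 3 the bare one.
TOKEN_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def classify_path(path):
    """Bucket a detection path by where the object was sitting."""
    p = path.lower()
    if '\\adwcleaner\\quarantine\\' in p:
        return 'quarantine'       # already isolated by AdwCleaner, not live
    if '\\appdata\\local\\temp\\' in p or '\\inetcache\\' in p:
        return 'temp_or_cache'    # installer droppings or browser cache
    if '\\downloads\\' in p:
        return 'downloads'        # the bundled installers the user fetched
    return 'other'


def parse_detection_line(line):
    """Split one 'sh=... fn=...' line into a dict and derive family/status."""
    rec = {}
    for m in TOKEN_RE.finditer(line):
        rec[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    vn = rec.get('vn', '')
    fam = re.search(r'\b(\w+/[\w.]+)', vn)          # e.g. Win32/Somoto.C
    rec['family'] = fam.group(1).rsplit('.', 1)[0] if fam else 'unknown'
    status = re.search(r'\(([^)]*)\)\s*$', vn)      # e.g. deleted - quarantined
    rec['status'] = status.group(1) if status else ''
    rec['location'] = classify_path(rec.get('fn', ''))
    return rec


def parse_eset_log(text):
    """Return (header dict, list of detection dicts); other lines are ignored."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('#'):
            key, sep, value = line[1:].strip().partition('=')
            if sep:
                header[key.strip()] = value.strip().strip('"')
        elif line.startswith('sh='):
            detections.append(parse_detection_line(line))
    return header, detections


def summarise(header, detections):
    """Cross-check the header against the parsed lines and aggregate."""
    by_hash = defaultdict(list)
    for d in detections:
        by_hash[d['sh']].append(d['fn'])
    return {
        'reported_found': int(header.get('found', 0)),
        'parsed': len(detections),
        'unique_hashes': len(by_hash),
        'duplicate_hashes': {h: p for h, p in by_hash.items() if len(p) > 1},
        'by_family': dict(Counter(d['family'] for d in detections)),
        'by_location': dict(Counter(d['location'] for d in detections)),
        'removal_enabled': header.get('remove_checked') == 'true',
        'archives_scanned': header.get('archives_checked') == 'true',
    }


if __name__ == '__main__':
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    for key, value in summarise(hdr, dets).items():
        print(f'{key}: {value}')
```

Run against the first log, the summary shows that three of the ten hits were `.vir` files AdwCleaner had already quarantined and that two hashes appear twice (once in the IE cache, once in Temp), so the scan found seven distinct live objects, all PUAs from bundled installers. The header checks are the other thing worth automating: the first run has `remove_checked=true` and `archives_checked=false`, the opposite of what the helper asked for in Step#4, while the second run matches the instructions and reports `found=0`.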

#13
0x24000

0x24000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Please let me know any further instructions or if I'm 300% clean when you get the chance. :P 


  • 0

#14
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK! Well done, your computer is clean again! :thumbsup: 300% in fact! Part of our jobs here at G2G is to help you clean your computer. But beyond that and just as important is to provide you with some information to keep you safe and secure on the net as well as to share knowledge. Following is that information.
 
 
1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Note: Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.
 
2. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
 
3. Keep Adobe Reader Updated
Check to see what the latest major version of Adobe Reader is here. The full version is something like 11.0.06 for example but the major version is just the first number before the period so 11 in this case or XI.
Verify what version you have by doing the following.
1. Open Adobe Reader
2. Click Help on the menu at the top
3. Select About Adobe Reader
If your major version matches the major version from Adobe then perform the following steps.
1. Open Adobe Reader
2. Click Help on the menu at the top
3. Click Check for Updates
4. Allow any Updates to be downloaded and installed
5. If asked to reboot, please do.
6. Repeat these steps until you are told that no updates are available.
If your major version is lower than the major version from Adobe then perform the following steps.
1. Uninstall Adobe Reader. Click here for instructions on how to uninstall a program.
2. Install the newest version from this website.
Note: Make sure to uncheck the Optional Offer (i.e. Google Chrome, Google Toolbar) unless you really want it.
NOTE: You should disable JavaScript in the program as this is a highly exploitable method for the bad guys to get in your machine. Follow these instructions to disable it in Adobe Reader.
1. Open Adobe Reader
2. Select Edit from the menu and select Preferences
3. Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.
4. Click OK and close the program.
NOTE: Many installers, including Adobe Reader, offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.
 
4. Antimalware- Preventative

Note: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is anti-malware software, not antivirus software, so it won't conflict with the Antivirus that you are running. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.
 
5. Crypto Warning!!!! - Complete Data Loss can occur!
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.
New strains of this are coming out all the time. In fact a very new strain called VirRansom (which is a hybrid of CryptoLocker and CryptoWall) has recently been identified and it's a true self-replicating parasitic virus.

 

  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will then be prompted to apply all default protections. Answer Yes.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.
 
Updates.JPG
 
 
6. Adobe Flash Player
There's a very nasty piece of malware going around right now called CryptoWall. It's very destructive and most recently the newest variant is exploiting unpatched versions of Adobe Flash. Let's make sure you get current.

 

1. Determine if you have the most current version by going to this website. If your version represented by the top box matches the version in the bottom box you are current.
VerifyVersion.JPG
 
2. If your version is older than the current then click on the Player Download Center link (shown in the screen shot above).
3. You will be brought to the install/update page. Ensure you uncheck any optional offers (unless you want them of course) and then click on Install Now.
Install.JPG
 
4. You may be prompted to run the installer. Go ahead and do this.
5. When it's complete, click Finish. You now have the latest version. You can verify by going back to this website if you feel the need.
 
 
For more information about computer security and how to protect yourself when on the internet, please read this guide: Best Practices for Safe Computing.
 
OK, all the best, and stay safe!
 
Items for your next post
1. Contents of the delfix log


  • 1

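As an added illustration of the version check in step 6 above (this is not part of the helper's post or any tool the thread uses), the PowerShell function below reads the file version of the Flash Player files from their standard Windows install folders and compares each against the "current" version you copy from Adobe's check page. The folder paths under Macromed\Flash and the comma-separated version format are assumptions based on how Adobe shipped Flash on Windows; adjust them if your install differs.

```powershell
# Added example: compare the installed Adobe Flash Player file version against
# the current version reported by Adobe's check page.
function Test-FlashCurrent {
    param(
        # Version string as shown on Adobe's page, e.g. "16,0,0,257" (commas or dots)
        [Parameter(Mandatory)] [string] $CurrentVersion
    )

    # Normalise "16,0,0,257" to "16.0.0.257" so it casts to [version]
    $current = [version]($CurrentVersion -replace ',', '.')

    # Standard install locations for the ActiveX (IE) and NPAPI (plugin) players
    # on 64-bit Windows (assumption: default Adobe install paths)
    $searchDirs = @(
        "$env:SystemRoot\System32\Macromed\Flash",
        "$env:SystemRoot\SysWOW64\Macromed\Flash"
    )

    $results = foreach ($dir in $searchDirs) {
        if (-not (Test-Path $dir)) { continue }
        $files = Get-ChildItem -Path $dir -File |
                 Where-Object { $_.Extension -in '.ocx', '.dll' }
        foreach ($f in $files) {
            $fv = $f.VersionInfo.FileVersion
            if (-not $fv) { continue }
            # Flash's FileVersion resource may use commas; keep only the dotted number
            $fv = $fv -replace ',', '.'
            if ($fv -notmatch '^\s*(\d+(\.\d+){1,3})') { continue }
            $installed = [version]$Matches[1]
            [pscustomobject]@{
                File      = $f.FullName
                Installed = $installed
                Current   = $current
                UpToDate  = ($installed -ge $current)
            }
        }
    }

    if (-not $results) {
        Write-Warning "No Flash Player files found under Macromed\Flash; Flash may not be installed."
    }
    return $results
}

# Usage: pass the version Adobe's page reports as current, then look at the
# UpToDate column; any False row means that player needs the update in step 6.
Test-FlashCurrent -CurrentVersion '16,0,0,257' | Format-Table -AutoSize
```

Run this in a PowerShell window after visiting Adobe's check page; a row with UpToDate set to False is the same condition the screenshot in step 1 describes, where the top box does not match the bottom box.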
#15 0x24000 (Topic Starter, Member, 34 posts)

# DelFix v10.8 - Logfile created 22/01/2015 at 11:16:37
# Updated 29/07/2014 by Xplode
# Username : Dissident  - DISSIDENT
# Operating System : Windows 8.1  (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.3.0.0.42_19.01.2015_19.46.38_log.txt
Deleted : C:\Users\Dissident \Desktop\Addition.txt
Deleted : C:\Users\Dissident \Desktop\AdwCleaner.exe
Deleted : C:\Users\Dissident \Desktop\aswMBR.exe
Deleted : C:\Users\Dissident \Desktop\aswMBR.txt
Deleted : C:\Users\Dissident \Desktop\CKScanner.exe
Deleted : C:\Users\Dissident \Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Dissident \Desktop\Fixlog.txt
Deleted : C:\Users\Dissident \Desktop\FRST.txt
Deleted : C:\Users\Dissident \Desktop\FRST64.exe
Deleted : C:\Users\Dissident \Desktop\JRT.exe
Deleted : C:\Users\Dissident \Desktop\JRT.txt
Deleted : C:\Users\Dissident \Desktop\MBR.dat
Deleted : C:\Users\Dissident \Desktop\SecurityCheck.exe
Deleted : C:\Users\Dissident \Downloads\AdwCleaner(1).exe
Deleted : C:\Users\Dissident \Downloads\AdwCleaner.exe
Deleted : C:\Users\Dissident \Downloads\adwcleaner_4.108.exe
Deleted : C:\Users\Dissident \Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Dissident \Downloads\Extras.Txt
Deleted : C:\Users\Dissident \Downloads\JRT.exe
Deleted : C:\Users\Dissident \Downloads\OTL.Txt
Deleted : C:\Users\Dissident \Downloads\OTL.exe
Deleted : C:\Users\Dissident \Downloads\Result.txt
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #39 [Removed JMP | 01/03/2015 01:23:22]
Deleted : RP #40 [Scheduled Checkpoint | 01/10/2015 09:55:50]
Deleted : RP #41 [Windows Update | 01/14/2015 21:30:08]
Deleted : RP #43 [Checkpoint by HitmanPro | 01/20/2015 03:12:47]
Deleted : RP #45 [Restore Point Created by FRST | 01/21/2015 04:51:11]
Deleted : RP #47 [Restore Point Created by FRST | 01/21/2015 20:45:38]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

You have version 16,0,0,257 installed - Adobe Flash.

 

Thanks so much for assisting me through this. I really appreciate it. :)


  • 0





