
Infected - 0x24000 [Solved]


  • This topic is locked

#31
0x24000

    Member

  • Topic Starter
  • Member
  • 34 posts

Message deleted.


Edited by 0x24000, 07 February 2015 - 06:06 PM.

  • 0


#32
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

I'm still waiting for you to do Steps#2, 3 & 4.


  • 1

#33
0x24000

    Member

  • Topic Starter
  • Member
  • 34 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by Dissident  at 2015-02-07 15:52:16 Run:1
Running from C:\Users\Dissident \Desktop
Loaded Profiles: Dissident  (Available profiles: Dissident )
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
cmd:move C:\Users\Dissident \Desktop\hosts C:\windows\System32\Drivers\Etc

*****************


========= move C:\Users\Dissident \Desktop\hosts C:\windows\System32\Drivers\Etc =========

The syntax of the command is incorrect.

========= End of CMD: =========


==== End of Fixlog 15:52:16 ====

 

I think I'm infected again because this showed up.

https://imgur.com/izw2mKz

Doing 3rd step right now.


Edited by 0x24000, 07 February 2015 - 06:07 PM.

  • 0

#34
0x24000

    Member

  • Topic Starter
  • Member
  • 34 posts

Farbar Recovery Scan Tool (x64) Version: 07-02-2015
Ran by Dissident  at 2015-02-07 15:55:22
Running from C:\Users\Dissident \Desktop
Boot Mode: Normal

================== Search Registry: "Chrome" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\No Chrome Offer Until]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"ap"="-dev-multi-chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap"="2.0-dev-multi-chrome"

====== End Of Search ======


  • 0

#35
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thank you. Now let's get another FRST scan and see what infection you have.

 

Step#1 - FRST Scan
1. Right click on FRST64.exe and select run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
5. Please copy and paste log back here.
6. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated. Please also paste that along with the FRST.txt into your reply.


  • 1

#36
0x24000

    Member

  • Topic Starter
  • Member
  • 34 posts

Here's the scan. If you have a Skype, please PM me or something so we can solve this quickly. (If you're ok with that.)

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015
Ran by Dissident  at 2015-02-07 16:10:59
Running from C:\Users\Dissident \Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2761190101-3978823051-44143618-1002\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.5 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0018 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.7 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5710.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.310 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.0.0.2023 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1550 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Plantronics® GameCom 780/788 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 3.20.0001 - Plantronics)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.16.614.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21224 - Realtek Semiconductor Corp.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
ScreenCloud (HKLM-x32\...\{CFD5745C-290C-4C48-AC2A-08F1E7B5796B}) (Version: 1.1.6 - Olav Sortland Thoresen)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (09/17/2013 1.0.0.186) (HKLM\...\D9E691DCEE7D3B9B7C62A7F5C2EAABBB9335DC9A) (Version: 09/17/2013 1.0.0.186 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Yaiba Ninja Gaiden Z, версия 1.0.0.0 (HKLM-x32\...\Yaiba Ninja Gaiden Z_is1) (Version: 1.0.0.0 - RePack by SEYTER)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2761190101-3978823051-44143618-1002_Classes\CLSID\{5F63E8CB-8F57-490A-97FE-62BC2F2A5EA4}\InprocServer32 -> No File Path

==================== Restore Points  =========================

22-01-2015 11:17:02 End of disinfection
27-01-2015 22:41:23 Windows Update
06-02-2015 10:32:10 Windows Update

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {073FE8A2-F1BF-4DAA-80D2-F6083313FA8D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {4FCCAD0E-B77D-4650-B446-56AFCD3EB224} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {60D4EE0C-EF7F-4958-B2A0-A44FEDA18FFC} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-09] ()
Task: {6B8CF48A-3A0B-4C89-AF5B-9DF8D4DF97F3} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {A1FE3036-E2BD-4290-8C64-F383308A44FB} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-08-19] (ASUS)
Task: {A57D15B4-4EA8-46B5-945E-C6913DB0EE08} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-09-23] (AsusTek)
Task: {C12E3FD8-4317-4068-830D-F1E0E2ABC7A9} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {C3547454-5053-4443-914C-B51B11AC9AB9} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-29] (ASUSTek Computer Inc.)
Task: {CBB99F41-A0F1-4097-90D6-2E0F7A15F738} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CE4CC9BA-748C-4F5E-A7C1-3876F08719DE} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {D6F02E04-6CF1-488A-9924-F34463A7256F} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-08-16] (ASUSTeK Computer Inc.)
Task: {E22E4FCD-716F-4EBD-8CD3-D666426278EC} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-07-23] (ASUS)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2014-09-22 10:49 - 2014-09-22 10:49 - 00034304 _____ () C:\WINDOWS\System32\ssj2mlm.dll
2012-12-18 22:10 - 2012-12-18 22:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2013-12-10 07:13 - 2014-03-04 06:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-05-21 14:17 - 2014-03-04 05:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-07-23 09:54 - 2013-07-23 09:54 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2010-03-24 20:38 - 2010-03-24 20:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-12-14 23:51 - 2014-01-21 16:41 - 00817440 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
2014-05-02 13:27 - 2014-05-02 13:27 - 01784165 _____ () C:\Program Files (x86)\ScreenCloud\ScreenCloud.exe
2014-01-04 12:02 - 2013-05-31 13:30 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-08-19 17:16 - 2013-08-19 17:16 - 00015440 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-08-16 10:03 - 2013-08-16 10:03 - 00023040 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-12-14 23:51 - 2014-01-21 16:41 - 00149792 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\VmixPLGC.dll
2014-03-30 10:13 - 2014-03-30 10:13 - 00645632 _____ () C:\Program Files (x86)\ScreenCloud\QxtGui.dll
2014-03-30 10:13 - 2014-03-30 10:13 - 00350080 _____ () C:\Program Files (x86)\ScreenCloud\libquazip.dll
2014-03-30 10:13 - 2014-03-30 10:13 - 00112142 _____ () C:\Program Files (x86)\ScreenCloud\libgcc_s_dw2-1.dll
2014-03-30 10:13 - 2014-03-30 10:13 - 01000974 _____ () C:\Program Files (x86)\ScreenCloud\libstdc++-6.dll
2014-05-03 11:41 - 2014-05-03 11:41 - 10188997 _____ () C:\Program Files (x86)\ScreenCloud\libPythonQt.dll
2014-03-30 10:13 - 2014-03-30 10:13 - 00445440 _____ () C:\Program Files (x86)\ScreenCloud\QxtCore.dll
2014-03-30 10:13 - 2014-03-30 10:13 - 01863207 _____ () C:\Program Files (x86)\ScreenCloud\libpython2.7.dll
2013-05-25 20:23 - 2013-05-25 20:23 - 00159818 _____ () C:\Program Files (x86)\ScreenCloud\zlib.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00112919 _____ () C:\Program Files (x86)\ScreenCloud\operator.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00087626 _____ () C:\Program Files (x86)\ScreenCloud\_functools.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00090550 _____ () C:\Program Files (x86)\ScreenCloud\_locale.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 01396270 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_hashlib.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00149688 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\math.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00104921 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\binascii.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00089086 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_random.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00201987 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_collections.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00128525 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\itertools.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00093110 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_heapq.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00108774 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\time.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00113692 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_struct.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00094371 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\cStringIO.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00343741 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_socket.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 02056351 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_ssl.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00120766 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\array.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00086445 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\select.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00655558 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_ctypes.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00238902 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_io.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00286073 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\datetime.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00223899 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_winreg.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00117282 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\_json.pyd
2013-05-25 20:23 - 2013-05-25 20:23 - 00858500 _____ () C:\Program Files (x86)\ScreenCloud\modules\python-stdlib-native\unicodedata.pyd
2014-02-04 17:31 - 2014-02-04 17:31 - 00113171 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 02396179 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00268307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00031251 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 11148307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 01248787 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00066579 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 02021395 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00100371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00240659 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00076307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00045587 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00060947 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00531475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00708627 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00114195 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00040467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00133139 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 01512467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00296979 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00054291 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00038419 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00025619 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00189971 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00336403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00091667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00016403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00067603 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00146451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00077331 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00733203 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00015891 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00022035 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00021523 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00030739 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00021011 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00063507 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00036883 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00017427 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00025619 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00024595 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00064531 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00291859 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00017939 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 01280019 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00018451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00344595 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00198675 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00027155 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 01371667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2014-02-04 17:32 - 2014-02-04 17:32 - 00013843 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00130579 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00168979 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00058899 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 01496083 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00019475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00013331 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00014355 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00014355 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2014-02-04 17:31 - 2014-02-04 17:31 - 00025619 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
2013-12-10 07:13 - 2014-03-04 06:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-01-26 15:29 - 2015-01-26 15:29 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2761190101-3978823051-44143618-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Dissident \Documents\Alien Abduction.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2761190101-3978823051-44143618-500 - Administrator - Disabled)
Dissident  (S-1-5-21-2761190101-3978823051-44143618-1002 - Administrator - Enabled) => C:\Users\Dissident
Guest (S-1-5-21-2761190101-3978823051-44143618-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/07/2015 04:02:31 PM) (Source: MsiInstaller) (EventID: 1002) (User: Dissident)
Description: Unexpected or missing value (name: 'PackageCode', value: 'GUID') in key 'HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219'

Error: (02/07/2015 03:58:17 PM) (Source: MsiInstaller) (EventID: 1002) (User: Dissident)
Description: Unexpected or missing value (name: 'PackageCode', value: 'GUID') in key 'HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219'

Error: (02/06/2015 09:26:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LolClient.exe, version: 0.0.0.0, time stamp: 0x515663e0
Faulting module name: Adobe AIR.dll, version: 3.7.0.1530, time stamp: 0x5156646c
Exception code: 0xc0000005
Fault offset: 0x0006dd76
Faulting process id: 0xfe8
Faulting application start time: 0xLolClient.exe0
Faulting application path: LolClient.exe1
Faulting module path: LolClient.exe2
Report Id: LolClient.exe3
Faulting package full name: LolClient.exe4
Faulting package-relative application ID: LolClient.exe5

Error: (02/06/2015 00:37:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x13dc
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (02/06/2015 00:29:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0xc2c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (02/06/2015 00:28:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 35.0.1.5500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 388

Start Time: 01d041e66d87d564

Termination Time: 24

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 0eece56e-adda-11e4-beb1-bcee7b28bc31

Faulting package full name:

Faulting package-relative application ID:

Error: (02/06/2015 00:28:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x4e8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (02/06/2015 00:25:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1630
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (02/06/2015 00:25:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 35.0.1.5500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1bac

Start Time: 01d041e371385cec

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: a901c677-add9-11e4-beb1-bcee7b28bc31

Faulting package full name:

Faulting package-relative application ID:

Error: (01/28/2015 00:09:46 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]


System errors:
=============
Error: (02/07/2015 01:18:12 PM) (Source: DCOM) (EventID: 10010) (User: Dissident)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/07/2015 01:17:42 PM) (Source: DCOM) (EventID: 10010) (User: Dissident)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/07/2015 02:13:38 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/06/2015 04:27:25 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/06/2015 04:02:07 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/06/2015 04:01:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%16389

Error: (02/06/2015 11:35:33 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/06/2015 10:32:57 AM) (Source: DCOM) (EventID: 10010) (User: Dissident)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/06/2015 10:32:27 AM) (Source: DCOM) (EventID: 10010) (User: Dissident)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/06/2015 08:51:54 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (02/07/2015 04:02:31 PM) (Source: MsiInstaller) (EventID: 1002) (User: Dissident)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (02/07/2015 03:58:17 PM) (Source: MsiInstaller) (EventID: 1002) (User: Dissident)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (02/06/2015 09:26:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: LolClient.exe0.0.0.0515663e0Adobe AIR.dll3.7.0.15305156646cc00000050006dd76fe801d0422e3bf7951fC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.127\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.127\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dll4c1fdf3b-ae25-11e4-beb1-bcee7b28bc31

Error: (02/06/2015 00:37:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f224800000030000142513dc01d041e8180f7aeaC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll6e27789f-addb-11e4-beb1-bcee7b28bc31

Error: (02/06/2015 00:29:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425c2c01d041e6d963a927C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll3c07abbe-adda-11e4-beb1-bcee7b28bc31

Error: (02/06/2015 00:28:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe35.0.1.550038801d041e66d87d56424C:\Program Files (x86)\Mozilla Firefox\firefox.exe0eece56e-adda-11e4-beb1-bcee7b28bc31

Error: (02/06/2015 00:28:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f22480000003000014254e801d041e69e71ebe6C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll100f46bb-adda-11e4-beb1-bcee7b28bc31

Error: (02/06/2015 00:25:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425163001d041e64e42c00fC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllaa54416a-add9-11e4-beb1-bcee7b28bc31

Error: (02/06/2015 00:25:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe35.0.1.55001bac01d041e371385cec4294967295C:\Program Files (x86)\Mozilla Firefox\firefox.exea901c677-add9-11e4-beb1-bcee7b28bc31

Error: (01/28/2015 00:09:46 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]


CodeIntegrity Errors:
===================================
  Date: 2015-02-06 16:55:53.096
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-28 23:10:13.001
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-23 12:48:58.056
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-21 22:36:22.146
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-20 21:32:59.670
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-20 09:38:37.582
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-19 21:38:42.227
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-16 12:55:53.252
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-05 15:25:04.199
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 19:28:28.951
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 23%
Total physical RAM: 8075.46 MB
Available physical RAM: 6192.11 MB
Total Pagefile: 9355.46 MB
Available Pagefile: 7023.21 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.01 GB) (Free:165.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:398.07 GB) (Free:397.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: DFCAAEF7)

Partition: GPT Partition Type.

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by Dissident  (administrator) on DISSIDENT on 07-02-2015 16:10:21
Running from C:\Users\Dissident \Desktop
Loaded Profiles: Dissident  (Available profiles: Dissident )
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Failed to access process -> MsMpEng.exe
Failed to access process -> NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
Failed to access process -> csrss.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
() C:\Program Files (x86)\ScreenCloud\ScreenCloud.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x64__8wekyb3d8bbwe\glcnd.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-07-31] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe [817440 2014-01-21] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-18] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2761190101-3978823051-44143618-1002\...\Run: [ScreenCloud] => C:\Program Files (x86)\ScreenCloud\ScreenCloud.exe [1784165 2014-05-02] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\S-1-5-21-2761190101-3978823051-44143618-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 129.65.16.254 129.65.21.254

FireFox:
========
FF ProfilePath: C:\Users\Dissident \AppData\Roaming\Mozilla\Firefox\Profiles\tys9uhyk.default
FF DefaultSearchEngine: Google
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: Adblock Plus - C:\Users\Dissident \AppData\Roaming\Mozilla\Firefox\Profiles\tys9uhyk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-19]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-07-23] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-07-31] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-07-31] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-07-31] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-07-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-23] (ASUS Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-07-31] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-07-31] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-07-31] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-31] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 PlantronicsGC; C:\Windows\system32\drivers\PLTGC.sys [1327104 2013-10-08] (C-Media Electronics Inc)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-07-23] (Windows ® Win 7 DDK provider)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [460872 2013-03-08] (RTS Corporation)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-09-04] (Razer Inc)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-19] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 16:10 - 2015-02-07 16:10 - 00016132 _____ () C:\Users\Dissident \Desktop\FRST.txt
2015-02-07 16:02 - 2015-02-07 16:02 - 00000000 ____D () C:\ProgramData\Sun
2015-02-07 16:02 - 2014-10-02 21:14 - 01092512 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2015-02-07 16:02 - 2014-10-02 21:14 - 00971680 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2015-02-07 15:58 - 2015-02-07 15:58 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-07 15:58 - 2015-02-07 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-07 15:55 - 2015-02-07 15:55 - 00000595 _____ () C:\Users\Dissident \Desktop\Search.txt
2015-02-07 15:52 - 2015-02-07 16:10 - 00000000 ____D () C:\FRST
2015-02-07 15:51 - 2015-02-07 15:51 - 02132992 _____ (Farbar) C:\Users\Dissident \Desktop\FRST64.exe
2015-02-06 13:49 - 2014-04-17 07:17 - 00000000 ____D () C:\Users\Dissident \Downloads\Thee Oh Sees - Drop (2014)
2015-02-06 13:48 - 2014-10-02 16:11 - 00000000 ____D () C:\Users\Dissident \Downloads\2012 - Bear, Wives, Denim
2015-02-06 00:26 - 2015-02-07 16:06 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-06 00:26 - 2015-02-06 00:26 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 09:59 - 2015-02-03 09:59 - 00000000 __SHD () C:\Users\Dissident \AppData\Local\EmieBrowserModeList
2015-02-01 00:29 - 2015-02-01 00:29 - 00000830 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2015-01-29 19:44 - 2014-11-27 00:54 - 00000000 ____D () C:\Users\Dissident \Downloads\Mors Principium Est - Dawn Of The 5th Era (Japanese Edition) (2014) [320]
2015-01-29 19:43 - 2015-01-29 19:43 - 00000000 ____D () C:\Users\Dissident \Downloads\Rebel Era
2015-01-27 23:20 - 2015-01-27 23:20 - 00000000 ____D () C:\Users\Dissident \Downloads\... And Star Power
2015-01-26 15:29 - 2015-01-26 15:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-23 11:03 - 2015-01-23 11:03 - 00000002 _____ () C:\WINDOWS\AsCDProc.log
2015-01-22 11:29 - 2015-02-06 16:02 - 00000693 _____ () C:\WINDOWS\setupact.log
2015-01-22 11:29 - 2015-01-22 11:29 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-22 11:16 - 2015-01-22 11:17 - 00002144 _____ () C:\DelFix.txt
2015-01-20 00:44 - 2015-01-20 00:44 - 00000000 ____D () C:\ProgramData\Steam
2015-01-20 00:43 - 2015-01-20 00:43 - 00000000 ____D () C:\Users\Dissident \Documents\My Games
2015-01-20 00:43 - 2015-01-20 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yaiba Ninja Gaiden Z
2015-01-20 00:43 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2015-01-20 00:43 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2015-01-20 00:43 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2015-01-20 00:43 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2015-01-20 00:43 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2015-01-20 00:43 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2015-01-20 00:43 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2015-01-20 00:38 - 2015-01-20 00:43 - 00000000 ____D () C:\Program Files (x86)\Yaiba Ninja Gaiden Z
2015-01-20 00:06 - 2015-01-20 00:33 - 00000000 ____D () C:\Users\Dissident \Downloads\Yaiba Ninja Gaiden Z_RePack by SEYTER
2015-01-19 23:38 - 2015-01-19 23:38 - 00042497 _____ () C:\Users\Dissident \Documents\24kpwn.jpeg
2015-01-19 23:21 - 2015-02-06 00:38 - 00000000 ____D () C:\Users\Dissident \AppData\Local\CrashDumps
2015-01-19 23:05 - 2015-01-22 11:27 - 00000000 ____D () C:\Users\Dissident \AppData\Roaming\DAEMON Tools Lite
2015-01-19 23:05 - 2015-01-19 23:10 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-19 22:59 - 2015-01-19 22:59 - 00000000 ____D () C:\Users\Dissident \AppData\Roaming\PowerISO
2015-01-19 22:55 - 2015-01-19 22:55 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2015-01-19 21:42 - 2015-01-19 21:43 - 00000000 ____D () C:\Users\Dissident \Downloads\Microsoft Toolkit 2.3.2 For Office 2010 and Windows [h33t][iahq76]
2015-01-19 21:05 - 2015-02-07 15:42 - 01460764 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-19 19:29 - 2015-01-19 19:29 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-01-19 19:29 - 2015-01-19 19:29 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-19 19:14 - 2015-01-19 19:14 - 00001274 _____ () C:\WINDOWS\system32\.crusader
2015-01-19 18:13 - 2015-01-19 18:13 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\qfymyel.sys
2015-01-19 18:01 - 2015-01-19 18:01 - 00000000 ____D () C:\Users\Dissident \AppData\Roaming\9-lab
2015-01-19 17:45 - 2015-01-19 17:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-19 17:40 - 2015-01-19 17:40 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2015-01-19 17:30 - 2015-01-22 11:16 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-19 17:26 - 2015-01-19 23:34 - 00000090 _____ () C:\Users\Dissident \Documents\BleepingComputer.txt
2015-01-19 17:10 - 2015-01-19 19:14 - 00000000 ____D () C:\Program Files (x86)\unissalEEs
2015-01-19 17:10 - 2015-01-19 19:14 - 00000000 ____D () C:\Program Files (x86)\unaisales
2015-01-14 12:23 - 2014-12-18 22:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 12:23 - 2014-12-11 18:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 12:23 - 2014-12-08 17:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 12:23 - 2014-12-05 19:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 12:23 - 2014-12-05 17:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 12:23 - 2014-10-28 17:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 12:23 - 2014-10-28 17:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-14 12:22 - 2014-12-11 16:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 12:22 - 2014-12-08 11:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 12:22 - 2014-12-08 11:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 12:22 - 2014-12-08 11:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 12:22 - 2014-12-08 11:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 12:22 - 2014-12-08 11:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 12:22 - 2014-12-08 11:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 12:22 - 2014-12-08 11:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 12:22 - 2014-12-08 11:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 12:22 - 2014-12-05 17:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 12:22 - 2014-10-28 20:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 12:22 - 2014-10-28 20:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 12:22 - 2014-10-28 19:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 12:22 - 2014-10-28 19:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 12:22 - 2014-10-28 19:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 12:22 - 2014-10-28 19:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 12:22 - 2014-10-28 19:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 12:22 - 2014-10-28 19:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 12:22 - 2014-10-28 19:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 12:22 - 2014-10-28 19:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 12:22 - 2014-10-28 19:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 12:22 - 2014-10-28 18:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 12:22 - 2014-10-28 17:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 12:22 - 2014-10-28 17:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-11 13:56 - 2012-03-06 02:09 - 00000000 ____D () C:\Users\Dissident \Downloads\Fort Minor - We Major Limited Edition (DatPiff.com)

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 16:06 - 2014-05-19 16:46 - 00000000 ____D () C:\Users\Dissident \AppData\Roaming\Skype
2015-02-07 16:02 - 2014-10-02 21:14 - 00000000 ____D () C:\Program Files\Java
2015-02-07 16:00 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-07 15:58 - 2014-10-02 21:15 - 00319912 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-02-07 15:58 - 2014-10-02 21:15 - 00191400 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-02-07 15:58 - 2014-10-02 21:15 - 00190888 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-02-07 15:58 - 2014-10-02 21:15 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-02-07 12:00 - 2014-01-04 12:21 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-02-07 12:00 - 2014-01-04 12:21 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-02-07 02:15 - 2014-05-19 16:38 - 00000062 _____ () C:\Users\Dissident \AppData\Roaming\sp_data.sys
2015-02-06 16:03 - 2014-11-27 12:44 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-02-06 16:02 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-06 15:51 - 2014-07-07 17:08 - 00000000 ____D () C:\Users\Dissident \AppData\Roaming\uTorrent
2015-02-06 10:38 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-06 00:26 - 2014-05-19 17:30 - 00000000 ____D () C:\Users\Dissident \AppData\Local\Adobe
2015-02-04 15:12 - 2014-05-28 15:01 - 00000000 ____D () C:\Users\Dissident \AppData\Roaming\vlc
2015-02-03 11:31 - 2013-08-22 07:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 11:31 - 2013-08-22 07:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 20:25 - 2014-03-18 02:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-28 09:13 - 2014-05-19 16:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 00:10 - 2013-08-22 05:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-27 23:21 - 2014-07-19 12:32 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-22 11:38 - 2014-10-14 18:59 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-01-21 22:35 - 2014-05-19 17:53 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2761190101-3978823051-44143618-1002
2015-01-20 20:52 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-01-19 19:54 - 2014-06-04 13:43 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-19 17:45 - 2014-07-19 12:32 - 00097496 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-19 17:13 - 2014-05-20 13:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-14 13:35 - 2014-05-20 02:15 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 13:31 - 2014-05-20 02:15 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2014-05-19 16:38 - 2015-02-07 02:15 - 0000062 _____ () C:\Users\Dissident \AppData\Roaming\sp_data.sys
2014-05-21 14:18 - 2014-05-21 14:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Dissident \AppData\Local\Temp\Inputps.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 12:19

==================== End Of Log ============================



#37
BrianDrab

    Trusted Helper

  • Malware Removal

I'll be home in one hour and we can get this resolved. It has to be through the forum though and not Skype.

#38
0x24000

    Member

  • Topic Starter

> I'll be home in one hour and we can get this resolved. It has to be through the forum though and not Skype.

Sure thing! Thanks a lot.



#39
BrianDrab

    Trusted Helper

  • Malware Removal

OK, let's please do the following.
 
Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached File: fixlist.txt (624 bytes)
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 
Step#2 - Run RogueKiller

  • Click here to go to the RogueKiller download page.
  • Scroll down on the page and click on the Download button for the 64-bit version.

  • Quit all programs and close all browsers.
  • Double click the RogueKiller icon to run the program.
    NOTE: If this is the first time you have used the program you will need to accept the User Agreement and the browser will open with some information related to the program.
  • Wait until Prescan has finished ...This may take a few minutes, especially if it is the first time you have used the program.
  • Click on Scan
  • Wait for the end of the scan.
  • DO NOT delete anything at this time.
  • The report has been created on the desktop.
  • Please post: All RKreport.txt text files located on your desktop.
    NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

 

 

 

Items for your next post

1. FRST Fix Log

2. RogueKiller log



#40
0x24000

    Member

  • Topic Starter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by Dissident  at 2015-02-07 17:57:48 Run:2
Running from C:\Users\Dissident \Desktop
Loaded Profiles: Dissident  (Available profiles: Dissident )
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CustomCLSID: HKU\S-1-5-21-2761190101-3978823051-44143618-1002_Classes\CLSID\{5F63E8CB-8F57-490A-97FE-62BC2F2A5EA4}\InprocServer32 -> No File Path
reg: reg query "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219" /s
cmd: ren C:\WINDOWS\system32\Drivers\etc\hosts.txt C:\WINDOWS\system32\Drivers\etc\hosts
2015-01-19 17:10 - 2015-01-19 19:14 - 00000000 ____D () C:\Program Files (x86)\unissalEEs
2015-01-19 17:10 - 2015-01-19 19:14 - 00000000 ____D () C:\Program Files (x86)\unaisales
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google]
cmd: ipconfig /flushdns
EmptyTemp:


*****************

Restore point was successfully created.
"HKU\S-1-5-21-2761190101-3978823051-44143618-1002_Classes\CLSID\{5F63E8CB-8F57-490A-97FE-62BC2F2A5EA4}" => Key deleted successfully.

========= reg query "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219" /s =========


HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219
    PackageCode    REG_SZ    GUID



========= End of Reg: =========


=========  ren C:\WINDOWS\system32\Drivers\etc\hosts.txt C:\WINDOWS\system32\Drivers\etc\hosts =========

The syntax of the command is incorrect.

========= End of CMD: =========

C:\Program Files (x86)\unissalEEs => Moved successfully.
C:\Program Files (x86)\unaisales => Moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google => Key Deleted Successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 890.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 17:58:37 ====

 

Step 2...pending.




#41
0x24000

    Member

  • Topic Starter

No log was saved to the desktop or downloads folder. However, I clicked Report on the program at the end of the scan.

 

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Dissident  [Administrator]
Mode : Scan -- Date : 02/07/2015  18:07:48

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 16 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 129.65.16.254 129.65.21.254 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 129.65.16.254 129.65.21.254 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C52EEE0C-310E-4079-9D24-5B40AAF2173C} | DhcpNameServer : 129.65.16.254 129.65.21.254 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C52EEE0C-310E-4079-9D24-5B40AAF2173C} | DhcpNameServer : 129.65.16.254 129.65.21.254 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2761190101-3978823051-44143618-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2761190101-3978823051-44143618-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2761190101-3978823051-44143618-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2761190101-3978823051-44143618-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2761190101-3978823051-44143618-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2761190101-3978823051-44143618-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2761190101-3978823051-44143618-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2761190101-3978823051-44143618-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2761190101-3978823051-44143618-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2761190101-3978823051-44143618-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2761190101-3978823051-44143618-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2761190101-3978823051-44143618-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST750LM022 HN-M750MBB +++++
--- User ---
[MBR] c6240f3a91f5c2926881d424d7fd225a
[BSP] 1d3f8eac7e24d77f548d08a816b25ed6 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_01192015_193528.log - RKreport_SCN_01192015_193417.log



#42
BrianDrab

    Trusted Helper

  • Malware Removal

Thanks for the info. Please do the following fix and then let me know how your machine is.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached File: fixlist.txt (167 bytes)
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.



#43
0x24000

    Member

  • Topic Starter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by Dissident  at 2015-02-07 18:45:06 Run:3
Running from C:\Users\Dissident \Desktop
Loaded Profiles: Dissident  (Available profiles: Dissident )
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
cmd: ren C:\WINDOWS\system32\Drivers\etc\hosts.txt hosts
[-HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219]
EmptyTemp:
*****************

Restore point was successfully created.

=========  ren C:\WINDOWS\system32\Drivers\etc\hosts.txt hosts =========


========= End of CMD: =========

HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219 => Key Deleted successfully.
EmptyTemp: => Removed 50 MB temporary data.


The system needed a reboot.

==== End of Fixlog 18:45:37 ====

 

Don't know if my machine is clean or not.



#44
BrianDrab

    Trusted Helper

  • Malware Removal

I believe your machine is clean at this point. Before we remove our tools, however, I'd like you to use your machine for a little and let me know if you have any issues.



#45
0x24000

    Member

  • Topic Starter

> I believe your machine is clean at this point. Before we remove our tools however I'd like you to use your machine for a little and let me know if you have any issues.

How can we be 100% sure?

