I have something bad on my PC [Closed]


  • This topic is locked

#1
Dohnovan

    Member
  • 99 posts

I recently started playing this awesome game on Steam and I noticed that I was lagging like crazy, so I thought to myself, I should check my computer and make sure I don't have anything bad! I checked task manager and noticed I had a fake atieclxx.exe on my computer and ATI Catalyst Install Manager, which I cannot uninstall; it has no option in the Uninstall a Program panel. I also noticed I had some suspicious stuff in the Program panel that I never really worried about until now; it turns out they were bad apples. I uninstalled the first bad apple and it said that system 32 and windows and shiz was uninstalled, then I noticed some problems: I have lost admin powers on the computer, which I feel I never really had, so I went to the Admin setting and clicked on it, then it disappeared. I don't know what to do since some of this stuff has been here for a while. Please help and thank you!




#2
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Hi Dohnovan,

Welcome back to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


- Save ALL Tools to your Desktop-


All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab. Thank you.




Let's get started....

FIRST >>>>

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this please.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
SECOND >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Information to Reply with >>>>
  • The FRST.txt log file text.
  • The Addition.txt log file text.
  • The AdwCleaner[S#].txt log file text.
  • Any questions or concerns you may have.
(Note: you may use more than one post if you want for the logs.)
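
An added example, not part of dbreeze's post and not code from FRST: once the FRST.txt requested above is saved, a short Python script can split it into sections and list the entries that FRST itself annotates (`<======= ATTENTION`, `No File`, `[X]`, `[Not Found]`, `[File not signed]`), and look up where a named process is running from. The sample lines are copied from the log posted later in this thread; the function names are hypothetical, and reading `[X]` as "target file missing" is this example's assumption.

```python
import ntpath
import re

# Sample input: a few lines copied from the FRST.txt posted later in this thread.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atieclxx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Internet (Whitelisted) ====================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File

==================== Services (Whitelisted) =================

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [X]
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [126568 2015-01-20] (RaMMicHaeL)
"""

# "==================== Name (Whitelisted) ====" style section headers.
SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")
# "(Company) C:\path\to\image.exe" lines in the Processes section.
PROCESS_RE = re.compile(r"^\((?P<company>.*?)\) (?P<path>[A-Za-z]:\\.+)$")

# Annotations printed in the log, mapped to a triage tag.
# Assumption of this example: "[X]" means the referenced file is missing.
MARKERS = [
    ("attention", re.compile(r"<=+ ATTENTION")),
    ("missing_file", re.compile(r"(No File|\[X\]|\[Not Found\])\s*$")),
    ("unsigned", re.compile(r"\[File not signed\]")),
]


def parse_sections(text):
    """Return {section name: [non-empty lines]} in the order they appear."""
    sections = {}
    current = "Header"  # lines before the first section banner
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).replace(" (Whitelisted)", "")
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def flag_entries(sections):
    """Return (section, tag, line) for every line carrying a known marker."""
    findings = []
    for section, lines in sections.items():
        for line in lines:
            for tag, pattern in MARKERS:
                if pattern.search(line):
                    findings.append((section, tag, line))
    return findings


def processes_named(sections, image_name):
    """Return (company, full path) for running processes with this file name."""
    hits = []
    for line in sections.get("Processes", []):
        m = PROCESS_RE.match(line)
        if m and ntpath.basename(m["path"]).lower() == image_name.lower():
            hits.append((m["company"], m["path"]))
    return hits


if __name__ == "__main__":
    parsed = parse_sections(SAMPLE_LOG)
    for section, tag, line in flag_entries(parsed):
        print(f"[{section}] {tag}: {line}")
    for company, path in processes_named(parsed, "atieclxx.exe"):
        print(f"process: {path} (company string: {company})")
```

The company string is whatever the log reports next to the path; it is not a signature check, so an entry that matters should still be verified on the machine itself.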

#3
Dohnovan

    Member

  • Topic Starter
  • 99 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Jennifer (administrator) on JENNIFER-PC on 27-02-2015 07:02:36
Running from C:\Users\Jennifer\Desktop
Loaded Profiles: Jennifer (Available profiles: Jennifer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3796663202-1426937064-2068174289-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-22] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3796663202-1426937064-2068174289-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-3796663202-1426937064-2068174289-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\nayn53ai.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Program Files (x86)\ArcPlugins\NPSWF32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Extension: NoScript - C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\nayn53ai.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-18]
FF Extension: No Name - C:\PROGRA~2\MOZILL~1\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-25]
CHR Extension: (Google Docs) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-18]
CHR Extension: (Google Drive) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-18]
CHR Extension: (WOT) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-02-18]
CHR Extension: (YouTube) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-18]
CHR Extension: (Google Search) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-18]
CHR Extension: (AdBlock) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-18]
CHR Extension: (Google Wallet) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-18]
CHR Extension: (Gmail) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-18]
CHR Profile: C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (No Name) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [88400 2015-02-12] (Perfect World Entertainment Inc)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1508656 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S4 PCloudCleanerService; C:\Windows\SysWOW64\PCloudCleanerService.EXE [93152 2013-10-04] (Panda Security S.L.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [126568 2015-01-20] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2015-01-18] (The OpenVPN Project)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [58136 2014-12-03] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [270816 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-01-16] (AVG Technologies CZ, s.r.o.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-23] (REALiX™)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-04] (Razer Inc)
S1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [35496 2014-09-04] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 nvraid; \SystemRoot\system32\drivers\nvraid.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-27 07:02 - 2015-02-27 07:02 - 00013183 _____ () C:\Users\Jennifer\Desktop\FRST.txt
2015-02-27 06:59 - 2015-02-27 07:02 - 00000000 ____D () C:\FRST
2015-02-27 06:58 - 2015-02-27 06:58 - 02087936 _____ (Farbar) C:\Users\Jennifer\Desktop\FRST64.exe
2015-02-26 22:49 - 2015-02-26 22:49 - 00001861 _____ () C:\Users\Public\Desktop\Forsaken World.lnk
2015-02-26 22:39 - 2015-02-26 22:49 - 00000000 ____D () C:\Program Files (x86)\Forsaken World_en
2015-02-26 22:27 - 2015-02-26 22:27 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\AVG2015
2015-02-26 22:26 - 2015-02-26 22:26 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-02-26 22:26 - 2015-02-26 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-26 22:24 - 2015-02-26 22:27 - 00000000 ____D () C:\ProgramData\AVG2015
2015-02-26 22:24 - 2015-02-26 22:24 - 00000000 ___HD () C:\$AVG
2015-02-26 22:22 - 2015-02-26 22:22 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-02-26 22:16 - 2015-02-26 22:41 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Avg2015
2015-02-26 22:15 - 2015-02-26 22:16 - 04800936 _____ (AVG Technologies) C:\Users\Jennifer\Downloads\avg_free_stb_all_5751p1_177.exe
2015-02-26 22:11 - 2014-11-07 08:33 - 00014864 ____N (AVAST Software) C:\Windows\system32\Drivers\ngiodriver_x64
2015-02-26 20:44 - 2015-02-26 20:49 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Arc
2015-02-26 20:38 - 2015-02-27 06:50 - 00000000 ____D () C:\Program Files (x86)\Arc
2015-02-26 20:38 - 2015-02-26 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2015-02-26 20:38 - 2015-02-26 20:38 - 00001620 _____ () C:\Users\Public\Desktop\PWI.lnk
2015-02-26 20:38 - 2015-02-26 20:38 - 00001592 _____ () C:\Users\Public\Desktop\Arc.lnk
2015-02-26 20:37 - 2015-02-18 18:26 - 10491360 _____ (Perfect World Entertainment) C:\Users\Jennifer\Downloads\ArcInstall_PWI_20150213.exe
2015-02-26 20:36 - 2015-02-26 20:37 - 01021056 _____ (Perfect World Entertainment) C:\Users\Jennifer\Downloads\Pwi_ArcSetup (1).exe
2015-02-26 20:07 - 2015-02-18 18:26 - 10564184 _____ (Perfect World Entertainment) C:\Users\Jennifer\Downloads\ArcInstall_FW_20150213.exe
2015-02-26 20:06 - 2015-02-26 20:07 - 01012888 _____ (Perfect World Entertainment) C:\Users\Jennifer\Downloads\Forsaken-world_ArcSetup.exe
2015-02-25 23:01 - 2015-01-08 20:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-25 23:01 - 2015-01-08 20:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-25 23:01 - 2015-01-08 20:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-25 23:01 - 2015-01-08 19:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-25 21:20 - 2015-02-25 21:37 - 00000000 ____D () C:\Program Files (x86)\Driver Sweeper
2015-02-25 21:20 - 2015-02-25 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Sweeper
2015-02-25 21:19 - 2015-02-25 21:19 - 00947042 _____ (Phyxion.net - Guru3D.com ) C:\Users\Jennifer\Downloads\DriverSweeper_1.5.5_setup__Guru3D.com_.exe
2015-02-25 20:24 - 2015-02-25 22:49 - 00000000 ____D () C:\SUPERDelete
2015-02-25 20:15 - 2015-02-27 06:52 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-25 20:15 - 2015-02-26 20:15 - 00000516 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 63976dbf-e6dc-4cea-88b4-50d322e16cfd.job
2015-02-25 20:15 - 2015-02-26 02:00 - 00000516 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 30031815-3580-4b64-9ab7-918401728788.job
2015-02-25 20:15 - 2015-02-25 20:15 - 00003602 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 30031815-3580-4b64-9ab7-918401728788
2015-02-25 20:15 - 2015-02-25 20:15 - 00003528 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 63976dbf-e6dc-4cea-88b4-50d322e16cfd
2015-02-25 20:15 - 2015-02-25 20:15 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2015-02-25 20:15 - 2015-02-25 20:15 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\SUPERAntiSpyware.com
2015-02-25 20:15 - 2015-02-25 20:15 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-02-25 20:15 - 2015-02-25 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-02-25 20:11 - 2015-02-25 20:12 - 21311072 _____ (SUPERAntiSpyware) C:\Users\Jennifer\Downloads\SUPERAntiSpyware.exe
2015-02-25 19:51 - 2015-02-25 20:01 - 00000000 ____D () C:\Users\Jennifer\Downloads\backups
2015-02-25 19:36 - 2015-02-26 20:33 - 00001268 _____ () C:\Users\Jennifer\Desktop\Revo Uninstaller.lnk
2015-02-25 19:36 - 2015-02-25 19:36 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-25 19:35 - 2015-02-25 19:35 - 01114576 _____ () C:\Users\Jennifer\Downloads\revosetup.exe
2015-02-25 18:52 - 2015-02-25 18:53 - 00756776 _____ (Microsoft Corporation) C:\Users\Jennifer\Downloads\OneCareCleanup.exe
2015-02-25 03:01 - 2015-01-08 16:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 03:01 - 2015-01-08 16:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 19:04 - 2015-02-24 19:04 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\CrashRpt
2015-02-23 22:54 - 2015-02-23 22:54 - 00000222 _____ () C:\Users\Jennifer\Desktop\Rise of Incarnates.url
2015-02-23 22:19 - 2015-02-24 22:27 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-02-23 21:05 - 2015-02-23 21:05 - 00000222 _____ () C:\Users\Jennifer\Desktop\Infestation Survivor Stories.url
2015-02-23 21:03 - 2015-02-23 21:05 - 00000222 _____ () C:\Users\Jennifer\Desktop\Nether.url
2015-02-23 20:35 - 2015-02-23 20:35 - 00000247 _____ () C:\Windows\system32\2015-02-24-03-35-00.024-aswFe.exe-5032.log
2015-02-23 20:34 - 2015-02-23 20:34 - 00000197 _____ () C:\Windows\system32\2015-02-24-03-34-47.031-AvastVBoxSVC.exe-4988.log
2015-02-23 20:29 - 2015-02-23 20:29 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\roi
2015-02-23 18:27 - 2015-02-25 14:29 - 00000333 _____ () C:\Users\Jennifer\Desktop\Recfac.txt
2015-02-21 08:01 - 2015-02-21 08:01 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Steam
2015-02-19 21:26 - 2015-02-19 21:26 - 00270816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-02-18 12:01 - 2015-02-19 23:05 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-18 12:01 - 2015-02-18 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-18 11:59 - 2015-02-27 06:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-18 11:59 - 2015-02-26 23:04 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-18 11:59 - 2015-02-18 11:59 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-18 11:59 - 2015-02-18 11:59 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-18 11:58 - 2015-02-18 11:58 - 00880208 _____ (Google Inc.) C:\Users\Jennifer\Downloads\ChromeSetup.exe
2015-02-18 11:27 - 2015-02-25 21:28 - 00000000 ____D () C:\ProgramData\Foolish IT
2015-02-18 11:27 - 2015-02-18 11:27 - 00053248 _____ () C:\Windows\SysWOW64\zlib.dll
2015-02-18 11:26 - 2015-02-18 11:27 - 00971528 _____ (Foolish IT LLC ) C:\Users\Jennifer\Downloads\CryptoPreventSetup.exe
2015-02-18 11:13 - 2015-02-18 11:13 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Mozilla
2015-02-18 11:12 - 2015-02-18 11:12 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-18 11:11 - 2015-02-18 11:12 - 00243440 _____ () C:\Users\Jennifer\Downloads\Firefox Setup Stub 35.0.1.exe
2015-02-11 06:13 - 2015-01-22 21:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 06:13 - 2015-01-22 21:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 06:13 - 2015-01-22 20:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 06:13 - 2015-01-22 20:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-10 11:56 - 2015-01-09 23:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 11:56 - 2015-01-09 23:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 11:56 - 2015-01-09 23:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 11:56 - 2015-01-09 23:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 11:56 - 2015-01-09 23:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 11:56 - 2015-01-09 23:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 11:56 - 2015-01-09 23:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 11:56 - 2015-01-09 23:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 11:56 - 2015-01-09 23:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 11:56 - 2015-01-09 23:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 11:56 - 2015-01-09 23:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 11:56 - 2015-01-09 23:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 11:56 - 2015-01-09 23:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 11:56 - 2015-01-09 23:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 11:55 - 2015-01-13 22:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 11:55 - 2015-01-13 22:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 11:55 - 2015-01-11 20:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 11:55 - 2015-01-11 20:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 11:55 - 2015-01-11 20:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 11:55 - 2015-01-11 19:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 11:55 - 2015-01-11 19:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 11:55 - 2015-01-11 19:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 11:55 - 2015-01-11 19:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 11:55 - 2015-01-11 19:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 11:55 - 2015-01-11 19:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 11:55 - 2015-01-11 19:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 11:55 - 2015-01-11 19:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 11:55 - 2015-01-11 19:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 11:55 - 2015-01-11 19:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 11:55 - 2015-01-11 19:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 11:55 - 2015-01-11 19:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 11:55 - 2015-01-11 19:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 11:55 - 2015-01-11 19:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 11:55 - 2015-01-11 19:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 11:55 - 2015-01-11 19:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 11:55 - 2015-01-11 19:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 11:55 - 2015-01-11 19:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 11:55 - 2015-01-11 19:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 11:55 - 2015-01-11 19:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 11:55 - 2015-01-11 19:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 11:55 - 2015-01-11 19:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 11:55 - 2015-01-11 19:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 11:55 - 2015-01-11 19:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 11:55 - 2015-01-11 18:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 11:55 - 2015-01-11 18:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 11:55 - 2015-01-11 18:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 11:55 - 2015-01-11 18:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 11:55 - 2015-01-11 18:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 11:55 - 2015-01-11 18:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 11:55 - 2015-01-11 18:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 11:55 - 2015-01-11 18:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 11:55 - 2015-01-11 18:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 11:55 - 2015-01-11 18:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 11:55 - 2015-01-11 18:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 11:55 - 2015-01-11 18:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 11:55 - 2015-01-11 18:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 11:55 - 2015-01-11 18:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 11:55 - 2015-01-11 18:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 11:55 - 2015-01-11 18:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 11:55 - 2015-01-11 18:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 11:55 - 2015-01-11 18:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 11:55 - 2015-01-11 18:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 11:55 - 2015-01-11 18:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 11:55 - 2015-01-11 18:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 11:55 - 2015-01-11 17:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 11:55 - 2015-01-11 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 11:54 - 2015-01-15 01:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 11:54 - 2015-01-15 01:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 11:54 - 2015-01-15 01:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 11:54 - 2015-01-15 01:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 11:54 - 2015-01-15 01:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 11:54 - 2015-01-15 01:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 11:54 - 2015-01-15 01:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 11:54 - 2015-01-15 01:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 11:54 - 2015-01-15 01:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 11:54 - 2015-01-15 01:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 11:54 - 2015-01-15 01:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 11:54 - 2015-01-15 00:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 11:54 - 2015-01-15 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 11:54 - 2015-01-15 00:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 11:54 - 2015-01-15 00:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 11:54 - 2015-01-15 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 11:54 - 2015-01-15 00:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 11:54 - 2015-01-14 21:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 11:54 - 2015-01-12 20:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 11:54 - 2015-01-12 19:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 11:54 - 2014-12-11 22:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 11:54 - 2014-12-11 22:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 11:52 - 2014-11-25 20:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 11:52 - 2014-11-25 20:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 11:50 - 2015-01-13 23:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 11:50 - 2015-01-13 23:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 11:50 - 2015-01-13 23:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 11:50 - 2015-01-13 23:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 11:50 - 2015-01-13 22:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 11:50 - 2015-01-13 22:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 11:50 - 2015-01-13 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 11:50 - 2014-12-07 20:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 11:50 - 2014-12-07 19:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 11:47 - 2015-01-08 19:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-03 10:47 - 2015-02-03 10:47 - 00341472 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2015-01-31 02:39 - 2015-02-18 11:15 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Mozilla
2015-01-29 20:23 - 2015-01-29 20:44 - 3948773923 ____R () C:\Users\Jennifer\Downloads\InceptionPW.zip
2015-01-29 20:23 - 2015-01-29 20:23 - 00020181 _____ () C:\Users\Jennifer\Downloads\InceptionPWv33.zip.torrent
2015-01-29 19:55 - 2015-01-29 19:55 - 00001254 _____ () C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Devastation PW Classic.lnk
2015-01-29 19:55 - 2015-01-29 19:55 - 00001224 _____ () C:\Users\Jennifer\Desktop\Devastation PW Classic.lnk
2015-01-29 19:50 - 2015-01-29 19:50 - 00000000 ____D () C:\Program Files (x86)\Devastation PW Classic
2015-01-29 19:49 - 2015-01-29 19:49 - 00000000 ____D () C:\Users\Jennifer\Desktop\Deva
2015-01-29 19:34 - 2015-01-29 19:34 - 00020241 _____ () C:\Users\Jennifer\Downloads\Devastation PW Classic Setup.torrent
2015-01-29 04:31 - 2015-01-29 04:42 - 00000000 ____D () C:\Program Files (x86)\PWI_en
2015-01-29 03:10 - 2015-02-26 20:37 - 00000000 ____D () C:\Users\Jennifer\Downloads\Log
2015-01-29 03:10 - 2015-01-29 03:10 - 01021056 _____ (Perfect World Entertainment) C:\Users\Jennifer\Downloads\Pwi_ArcSetup.exe
2015-01-29 03:10 - 2015-01-09 12:42 - 10320176 _____ (Perfect World Entertainment) C:\Users\Jennifer\Downloads\ArcInstall_PWI_20150108.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-27 06:59 - 2009-07-13 21:45 - 00015328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-27 06:59 - 2009-07-13 21:45 - 00015328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-27 06:58 - 2013-08-02 18:16 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-27 06:57 - 2013-07-29 08:48 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Skype
2015-02-27 06:57 - 2013-07-29 00:56 - 01074137 _____ () C:\Windows\WindowsUpdate.log
2015-02-27 06:51 - 2015-01-14 11:08 - 00003412 _____ () C:\Windows\setupact.log
2015-02-27 06:51 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-27 06:50 - 2015-01-14 21:34 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-27 06:50 - 2015-01-14 11:04 - 01287266 _____ () C:\Windows\PFRO.log
2015-02-26 22:49 - 2013-10-11 17:39 - 00000000 ___HD () C:\ArcTemp
2015-02-26 20:38 - 2013-07-29 00:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-26 20:37 - 2013-10-15 19:27 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-26 13:01 - 2013-09-11 19:29 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\TS3Client
2015-02-26 12:46 - 2013-07-29 00:27 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-25 23:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Registration
2015-02-25 23:07 - 2013-07-29 00:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-25 23:03 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\tracing
2015-02-25 22:53 - 2013-07-29 00:31 - 00000000 ____D () C:\ProgramData\AMD
2015-02-25 22:53 - 2013-07-29 00:30 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-02-25 21:36 - 2013-10-05 12:59 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\ATI
2015-02-25 21:36 - 2013-10-05 12:59 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\ATI
2015-02-25 21:25 - 2014-12-14 21:28 - 00000000 ____D () C:\Program Files (x86)\A3Launcher
2015-02-25 20:57 - 2013-09-07 17:25 - 00000000 ____D () C:\Users\Jennifer\Downloads\patch
2015-02-25 20:48 - 2015-01-05 18:14 - 00000000 ____D () C:\Users\Jennifer\Downloads\6.0.2.2662.en_Rompvp_full_setup
2015-02-25 20:34 - 2013-07-29 00:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-02-25 20:01 - 2015-01-15 16:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 19:59 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-02-25 19:58 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-02-25 19:57 - 2009-07-13 21:45 - 00420432 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-25 19:09 - 2014-08-31 23:54 - 00007597 _____ () C:\Users\Jennifer\AppData\Local\Resmon.ResmonCfg
2015-02-25 18:53 - 2013-07-29 09:29 - 00112472 _____ () C:\Users\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-24 16:30 - 2014-11-24 21:51 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Arma 3
2015-02-24 12:46 - 2013-08-16 09:05 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\uTorrent
2015-02-23 22:54 - 2013-10-15 19:39 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-23 22:19 - 2013-08-24 19:18 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-02-23 21:18 - 2014-05-05 21:40 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-23 20:28 - 2014-09-06 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2015-02-23 20:28 - 2014-09-06 19:23 - 00000000 ____D () C:\Program Files (x86)\Glyph
2015-02-23 20:13 - 2014-01-28 19:05 - 00000194 _____ () C:\Windows\SysWOW64\PCloudCleanerService.log
2015-02-18 12:01 - 2013-08-10 14:16 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-18 11:44 - 2013-08-10 14:16 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Google
2015-02-12 03:55 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-02-11 03:07 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 03:02 - 2013-07-29 07:37 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 16:53 - 2009-07-13 22:08 - 00032596 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-06 01:22 - 2014-05-16 16:04 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Tera_Awesomium
2015-02-04 13:02 - 2014-10-25 22:30 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-02-02 16:12 - 2013-11-18 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2015-02-02 16:12 - 2013-11-18 14:49 - 00000000 ____D () C:\Program Files (x86)\NCWest
2015-02-02 16:10 - 2013-11-18 14:42 - 00000000 ____D () C:\Program Files (x86)\NCsoft
2015-01-29 19:33 - 2015-01-16 18:48 - 00000000 ____D () C:\ProgramData\Unchecky
 
==================== Files in the root of some directories =======
 
2014-12-14 00:11 - 2015-01-13 23:57 - 0000299 _____ () C:\Users\Jennifer\AppData\Roaming\BreakingPoint_Login.ini
2014-12-14 00:11 - 2015-01-14 00:41 - 0001408 _____ () C:\Users\Jennifer\AppData\Roaming\BreakingPoint_Options.ini
2014-03-19 23:04 - 2014-03-19 23:04 - 0055023 _____ () C:\Users\Jennifer\AppData\Roaming\icarus-dxdiag.xml
2014-09-06 16:28 - 2014-09-06 16:28 - 0893239 _____ () C:\Users\Jennifer\AppData\Local\a.zip
2013-12-17 22:00 - 2013-12-17 22:00 - 0000096 _____ () C:\Users\Jennifer\AppData\Local\fusioncache.dat
2014-12-18 23:31 - 2014-12-18 23:31 - 0001072 _____ () C:\Users\Jennifer\AppData\Local\Local - Shortcut.lnk
2014-08-31 23:54 - 2015-02-25 19:09 - 0007597 _____ () C:\Users\Jennifer\AppData\Local\Resmon.ResmonCfg
2014-12-14 21:37 - 2014-12-14 21:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\Jennifer\AppData\Local\Temp\VSUSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-24 00:52
 
==================== End Of Log ============================


#4
Dohnovan

    Member

  • Topic Starter
  • Member
  • 99 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Jennifer at 2015-02-27 07:03:24
Running from C:\Users\Jennifer\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
A3Launcher version 0.0.0.3 (HKLM-x32\...\{E31045B4-9DB5-9EBD-44DF-BD4CFDE640DF}_is1) (Version: 0.0.0.3 - Maca134)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies)
AVG 2015 (Version: 15.0.4299 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
Driver Sweeper 1.5.5 (HKLM-x32\...\{0965D484-1777-4BA5-8C3A-095A6B0D2696}_is1) (Version:  - Phyxion.net - Guru3D.com)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version:  - OP Productions LLC)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
Nether (HKLM-x32\...\Steam App 247730) (Version:  - Phosphor Games)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.8-1.0.8500.20 - raidcall.com)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rise of Incarnates (HKLM-x32\...\Steam App 258160) (Version:  - BANDAI NAMCO Studio)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3796663202-1426937064-2068174289-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
TeamSpeak 3 Client (HKU\S-1-5-21-3796663202-1426937064-2068174289-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\{A0D70C31-D5CB-4491-A508-5CF2C9F25EE0}) (Version: 1.00.0000 - En Masse Entertainment)
Unchecky v0.3.6 (HKLM-x32\...\Unchecky) (Version: 0.3.6 - RaMMicHaeL)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3796663202-1426937064-2068174289-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3796663202-1426937064-2068174289-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
 
==================== Restore Points  =========================
 
16-01-2015 18:37:41 End of disinfection
16-01-2015 18:54:04 Removed Should I Remove It
16-01-2015 19:35:36 Installed Aion
18-01-2015 13:07:41 avast! antivirus system restore point
20-01-2015 01:05:40 Removed League of Legends
20-01-2015 05:37:04 Windows Update
23-01-2015 17:17:25 Windows Update
27-01-2015 00:15:37 Windows Update
29-01-2015 03:11:39 Installed Arc
30-01-2015 11:40:02 Windows Update
02-02-2015 16:11:19 Removed Aion
02-02-2015 16:13:43 Removed Arcadia PVE Runes of Magic
03-02-2015 15:22:03 Windows Update
10-02-2015 11:48:43 Windows Update
11-02-2015 03:00:19 Windows Update
12-02-2015 03:00:37 Windows Update
16-02-2015 06:59:56 Removed Java 8 Update 25
17-02-2015 00:49:04 Windows Update
18-02-2015 09:39:33 Removed Java 8 Update 25 (64-bit)
18-02-2015 11:14:34 Removed Google Talk Plugin
20-02-2015 06:52:39 Windows Update
23-02-2015 21:06:14 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
23-02-2015 21:07:20 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
23-02-2015 21:10:36 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
23-02-2015 21:12:46 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
23-02-2015 21:14:17 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
23-02-2015 21:15:54 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
23-02-2015 21:16:55 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
24-02-2015 12:29:31 Windows Update
25-02-2015 03:00:38 Windows Update
25-02-2015 18:56:22 Removed Microsoft .NET Framework 1.1
25-02-2015 21:27:34 Revo Uninstaller's restore point - CryptoPrevent
25-02-2015 23:02:35 Windows Update
26-02-2015 12:37:52 Revo Uninstaller's restore point - NVIDIA Stereoscopic 3D Driver
26-02-2015 13:01:14 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
26-02-2015 20:35:14 Removed Arc
26-02-2015 20:38:38 Installed Arc
26-02-2015 22:10:20 avast! antivirus system restore point
26-02-2015 22:22:16 Installed AVG 2015
26-02-2015 22:22:49 Installed AVG 2015
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2015-02-27 06:51 - 00001196 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
 
There are 5 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A22E98E-07D5-468D-BA79-BC386F274091} - System32\Tasks\{422FF63E-5445-4D5F-9683-7F403EF71BE4} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {214F6FA8-0A02-45F5-9C72-815333941A7E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-18] (Google Inc.)
Task: {226D0725-8398-40E0-8874-A8F77E2351DD} - System32\Tasks\{A7D6ED4C-9E53-41AC-A275-396D94C3DF37} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {2388753E-A1DC-4143-9F2A-4368C36498D5} - System32\Tasks\{D1216D47-624B-44C3-801F-547FC9494A31} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {4543DE13-B982-4180-9EB2-7BDE35A7B90F} - System32\Tasks\SUPERAntiSpyware Scheduled Task 30031815-3580-4b64-9ab7-918401728788 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {71645E5B-150D-4C6E-BA58-D527DB38039D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-18] (Google Inc.)
Task: {8314096D-4A38-4D20-B18B-133DCB315261} - System32\Tasks\{DF76B1F9-3101-4848-B770-C5A449D86117} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {980309FC-3CD5-41A0-8789-769E042FC239} - System32\Tasks\{EC591D39-E54C-48F9-ADDD-1A302B8AE815} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {A14927BE-15E3-49CF-BA93-1535742C73AE} - System32\Tasks\{BD50D5B9-3F95-459C-80F7-B9617ABB36C3} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {A6D9AD91-F755-4F0F-83BB-562D55EF25E1} - System32\Tasks\{9BBCC007-61D2-4A85-A23C-4695B17A9D6E} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {B077AAC1-E802-4E2F-A310-CEF1C2536EA9} - System32\Tasks\{6A2C7DE8-D2DF-4AB8-AECA-A0099B0648A8} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {C1310865-CAB2-458C-8A64-03CADE054747} - System32\Tasks\{5191FA3E-3FFE-439C-B697-E457C01E90C0} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {ECFD75B3-94E3-407F-8D51-F131AE21F7BF} - System32\Tasks\SUPERAntiSpyware Scheduled Task 63976dbf-e6dc-4cea-88b4-50d322e16cfd => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {F0970072-3090-41F7-A738-FC27498EE9B7} - System32\Tasks\{F880F727-B8E2-40D3-9D6A-EE19EB46DD19} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 30031815-3580-4b64-9ab7-918401728788.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 63976dbf-e6dc-4cea-88b4-50d322e16cfd.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-01-20 19:20 - 2015-01-20 19:20 - 00058880 _____ () C:\Program Files (x86)\Unchecky\bin\collector.dll
2015-02-19 23:05 - 2015-02-17 15:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-19 23:05 - 2015-02-17 15:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-19 23:05 - 2015-02-17 15:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
DNS Servers: 75.75.75.75 - 75.75.76.76
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssSrv => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: HssWd => 2
MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
MSCONFIG\startupreg: Spotify => "C:\Users\Jennifer\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Jennifer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: uTorrent => "C:\Users\Jennifer\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3796663202-1426937064-2068174289-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3796663202-1426937064-2068174289-1005 - Limited - Enabled)
Guest (S-1-5-21-3796663202-1426937064-2068174289-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3796663202-1426937064-2068174289-1007 - Limited - Enabled)
Jennifer (S-1-5-21-3796663202-1426937064-2068174289-1000 - Administrator - Enabled) => C:\Users\Jennifer
 
==================== Faulty Device Manager Devices =============
 
Name: AODDriver4.1
Description: AODDriver4.1
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.1
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/27/2015 06:59:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RzStats.Manager.exe, version: 1.0.0.32, time stamp: 0x546da4ee
Faulting module name: libcef.dll, version: 3.1453.1255.0, time stamp: 0x518aa75e
Exception code: 0x4000001f
Fault offset: 0x0015ab50
Faulting process id: 0x165c
Faulting application start time: 0xRzStats.Manager.exe0
Faulting application path: RzStats.Manager.exe1
Faulting module path: RzStats.Manager.exe2
Report Id: RzStats.Manager.exe3
 
Error: (02/26/2015 10:23:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service avast! Antivirus since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (02/26/2015 10:23:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.
 
System Error:
The system cannot find the file specified.
.
 
Error: (02/26/2015 10:23:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSnx.
 
System Error:
The system cannot find the file specified.
.
 
Error: (02/26/2015 10:23:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! Revert.
 
System Error:
The system cannot find the file specified.
.
 
Error: (02/26/2015 10:23:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswRdr.
 
System Error:
The system cannot find the file specified.
.
 
Error: (02/26/2015 10:23:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt.
 
System Error:
The system cannot find the file specified.
.
 
Error: (02/26/2015 10:22:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service avast! Antivirus since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (02/26/2015 10:22:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.
 
System Error:
The system cannot find the file specified.
.
 
Error: (02/26/2015 10:22:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSnx.
 
System Error:
The system cannot find the file specified.
.
 
 
System errors:
=============
Error: (02/27/2015 06:52:41 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (02/27/2015 06:52:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
RzFilter
 
Error: (02/27/2015 06:52:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Game Scanner service failed to start due to the following error: 
%%1053
 
Error: (02/27/2015 06:52:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Razer Game Scanner service to connect.
 
Error: (02/27/2015 06:51:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.1 service failed to start due to the following error: 
%%3
 
Error: (02/27/2015 06:51:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMD FUEL Service service failed to start due to the following error: 
%%2
 
Error: (02/27/2015 06:51:11 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (02/26/2015 11:58:40 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
 
Error: (02/25/2015 11:08:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (02/25/2015 11:08:17 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (02/27/2015 06:59:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RzStats.Manager.exe1.0.0.32546da4eelibcef.dll3.1453.1255.0518aa75e4000001f0015ab50165c01d05295902e7565C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exeC:\Users\Jennifer\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dlld0ddfaf8-be88-11e4-9041-f80f41485b7e
 
Error: (02/26/2015 10:23:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service avast! Antivirus since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (02/26/2015 10:23:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.
 
System Error:
The system cannot find the file specified.
 
Error: (02/26/2015 10:23:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSnx.
 
System Error:
The system cannot find the file specified.
 
Error: (02/26/2015 10:23:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! Revert.
 
System Error:
The system cannot find the file specified.
 
Error: (02/26/2015 10:23:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswRdr.
 
System Error:
The system cannot find the file specified.
 
Error: (02/26/2015 10:23:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt.
 
System Error:
The system cannot find the file specified.
 
Error: (02/26/2015 10:22:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service avast! Antivirus since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (02/26/2015 10:22:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.
 
System Error:
The system cannot find the file specified.
 
Error: (02/26/2015 10:22:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSnx.
 
System Error:
The system cannot find the file specified.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-16 14:22:47.801
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-16 14:22:47.731
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-3820 APU with Radeon™ HD Graphics
Percentage of memory in use: 32%
Total physical RAM: 7636.71 MB
Available physical RAM: 5121 MB
Total Pagefile: 15271.6 MB
Available Pagefile: 12547.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1862.79 GB) (Free:1110 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: DA15B420)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#5
Dohnovan


    Member

  • Topic Starter
  • Member
  • 99 posts

Sorry about the late reply and the separate posts



#6
Dohnovan


    Member

  • Topic Starter
  • Member
  • 99 posts
# AdwCleaner v4.111 - Logfile created 27/02/2015 at 07:16:58
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Jennifer - JENNIFER-PC
# Running from : C:\Users\Jennifer\Downloads\adwcleaner_4.111.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Jennifer\AppData\Local\CrashRpt
Folder Deleted : C:\ProgramData\fhciaaehadeekancjplcmndhgjofifnn
Folder Deleted : C:\ProgramData\oknkhljlbonlgiegffbbpibnmjljpnbg
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v40.0.2214.115
 
[C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
-\\ Chromium v
 
[C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1664 bytes] - [27/02/2015 07:12:53]
AdwCleaner[S0].txt - [1779 bytes] - [27/02/2015 07:16:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1838  bytes] ##########


#7
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts
FIRST STEP >>>>

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3796663202-1426937064-2068174289-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> No File
BHO-x32: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Program Files (x86)\ArcPlugins\NPSWF32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Extension: No Name - C:\PROGRA~2\MOZILL~1\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR Extension: (No Name) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-25]
CHR Extension: (No Name) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-16]
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [X]
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
S2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 nvraid; \SystemRoot\system32\drivers\nvraid.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
C:\Windows\system32\drivers\EagleX64.sys
C:\Windows\system32\drivers\nvraid.sys
C:\Windows\System32\DRIVERS\taphss6.sys
2014-12-14 21:37 - 2014-12-14 21:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Jennifer\AppData\Local\Temp\VSUSetup.exe
CustomCLSID: HKU\S-1-5-21-3796663202-1426937064-2068174289-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3796663202-1426937064-2068174289-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
C:\Users\Jennifer\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll
Task: {0A22E98E-07D5-468D-BA79-BC386F274091} - System32\Tasks\{422FF63E-5445-4D5F-9683-7F403EF71BE4} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {226D0725-8398-40E0-8874-A8F77E2351DD} - System32\Tasks\{A7D6ED4C-9E53-41AC-A275-396D94C3DF37} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {2388753E-A1DC-4143-9F2A-4368C36498D5} - System32\Tasks\{D1216D47-624B-44C3-801F-547FC9494A31} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {8314096D-4A38-4D20-B18B-133DCB315261} - System32\Tasks\{DF76B1F9-3101-4848-B770-C5A449D86117} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {980309FC-3CD5-41A0-8789-769E042FC239} - System32\Tasks\{EC591D39-E54C-48F9-ADDD-1A302B8AE815} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {A14927BE-15E3-49CF-BA93-1535742C73AE} - System32\Tasks\{BD50D5B9-3F95-459C-80F7-B9617ABB36C3} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {A6D9AD91-F755-4F0F-83BB-562D55EF25E1} - System32\Tasks\{9BBCC007-61D2-4A85-A23C-4695B17A9D6E} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {B077AAC1-E802-4E2F-A310-CEF1C2536EA9} - System32\Tasks\{6A2C7DE8-D2DF-4AB8-AECA-A0099B0648A8} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {C1310865-CAB2-458C-8A64-03CADE054747} - System32\Tasks\{5191FA3E-3FFE-439C-B697-E457C01E90C0} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: {F0970072-3090-41F7-A738-FC27498EE9B7} - System32\Tasks\{F880F727-B8E2-40D3-9D6A-EE19EB46DD19} => C:\Program Files (x86)\Glyph\GlyphClient.exe [2015-01-09] (Trion Worlds Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
CMD: ipconfig /flushdns
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
EmptyTemp:
Reboot:
end


NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

SECOND STEP >>>>

Malwarebytes' Anti-Malware
Please launch Malwarebytes' Anti-Malware from your desktop icon or the start menu item. Notice that I want this to scan your system but I will be reviewing the log to manually remove anything it finds.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link


Once the program has loaded and updated, select "Scan Now >>" to start the scan.

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.

Please click on the Export Log button and select the As text file from the dropdown list. I would suggest you save the file on your desktop (as we need the report attached here for review and it is easy to find on the desktop).

After you have saved the report file, return to the Potential Threats Detected page and click on Cancel. You can close MBAM after that.

Please Copy and Paste the report file to a post here; I will review the file and script what needs to be removed.

 


Information to Reply with >>>>
  • The Fixlog.txt log file text.
  • The MalwareBytes Antimalware scan log.
  • How is the system now?


#8
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts

Do you still need some help with this?



#9
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.