my computer is infected

In Progress

#1
Stuzilla


Hey, my computer is infected with some sort of ad software. I've already run MBAM to try and clear it out, but nothing seems to have shifted. I'm pretty sure it's something called WallButtress.

Here are the requested logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by Suzilla (administrator) on THOR on 14-04-2015 03:10:41
Running from C:\Users\Suzilla\Desktop\New folder (3)
Loaded Profiles: Suzilla (Available profiles: Suzilla & Mcx1-THOR)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(mIRC Co. Ltd.) C:\Program Files (x86)\mIRC\mirc.exe
(Flux Software LLC) C:\Users\Suzilla\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\Suzilla\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Suzilla\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Windows\Temp\SKY6578.tmp
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\sc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-10-28] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [Google Update] => C:\Users\Suzilla\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-09] (Valve Corporation)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [F.lux] => C:\Users\Suzilla\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [Spotify Web Helper] => C:\Users\Suzilla\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-09] (Spotify Ltd)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [uTorrent] => C:\Users\Suzilla\AppData\Roaming\uTorrent\uTorrent.exe [1742928 2015-03-04] (BitTorrent Inc.)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [Spotify] => C:\Users\Suzilla\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-09] (Spotify Ltd)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\MountPoints2: {f6352834-ed89-11e3-a910-6c626d6b7a39} - J:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\Flux.scr [286720 2010-06-24] ()
Startup: C:\Users\Suzilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GarageBand.lnk
ShortcutTarget: GarageBand.lnk -> C:\ProgramData\{2f2f7393-7e90-1937-2f2f-f73937e9ce4d}\GarageBand.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coo...&cc=GB&unqvl=85
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coo...&cc=GB&unqvl=85
SearchScopes: HKU\S-1-5-21-3414432899-1644431961-3641730241-1000 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coo...&cc=GB&unqvl=85
SearchScopes: HKU\S-1-5-21-3414432899-1644431961-3641730241-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coo...&cc=GB&unqvl=85
SearchScopes: HKU\S-1-5-21-3414432899-1644431961-3641730241-1000 -> {F89009D2-2A23-4629-955A-BE81FE6815E0} URL = http://uk.search.yah...p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: No Name -> {29AAADC9-DA30-4264-BCC4-D447F7146FC1} ->  No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-23] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-23] (Oracle Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-06] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-10-28] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-10-28] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3414432899-1644431961-3641730241-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Suzilla\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-3414432899-1644431961-3641730241-1000: @talk.google.com/O1DPlugin -> C:\Users\Suzilla\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-3414432899-1644431961-3641730241-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Suzilla\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3414432899-1644431961-3641730241-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Suzilla\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Suzilla\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Suzilla\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-28]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> google.co.uk
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Google Cast) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-10-23]
CHR Extension: (Google Search) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (Radioplayer) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch [2014-07-28]
CHR Extension: (Hate Me Theme) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjphappdihjiebpjehhopffddlpihaep [2011-09-29]
CHR Extension: (AdBlock) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
StartMenuInternet: Google Chrome - C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-04-02] (Nero AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-17] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S2 NMSAccess; "C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe"  [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NETMD760; C:\Windows\System32\Drivers\NETMD760.sys [19456 2012-03-28] (Sony Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 StMp3Recx64; C:\Windows\System32\Drivers\StMp3Recx64.sys [26112 2007-01-12] (Generic)
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [260608 2012-02-27] (Jungo)
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va005; \??\C:\Users\Suzilla\AppData\Local\Temp\005C20E.tmp [X]
S3 X6va006; \??\C:\Users\Suzilla\AppData\Local\Temp\00610E.tmp [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-14 02:50 - 2015-04-14 02:50 - 00000020 _____ () C:\Users\Suzilla\AppData\Roaming\appdataFr3.bin
2015-04-14 02:49 - 2015-04-14 03:10 - 00000000 ____D () C:\FRST
2015-04-14 02:48 - 2015-04-14 03:10 - 00000000 ____D () C:\Users\Suzilla\Desktop\New folder (3)
2015-04-14 02:29 - 2015-04-14 03:06 - 00000000 ____D () C:\Program Files (x86)\WallButtress
2015-04-07 23:31 - 2015-04-07 23:31 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\Mozilla
2015-04-06 15:12 - 2015-04-14 03:07 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3414432899-1644431961-3641730241-1000
2015-04-06 15:11 - 2015-04-14 03:07 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3414432899-1644431961-3641730241-1000
2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-31 21:05 - 2015-03-31 21:05 - 00000000 ____D () C:\Users\Suzilla\Desktop\Vapour ecigs
2015-03-31 21:04 - 2015-03-31 21:04 - 00043101 _____ () C:\Users\Suzilla\Documents\Untitled Project.prproj
2015-03-31 21:04 - 2015-03-31 21:04 - 00000000 ____D () C:\Users\Suzilla\Documents\Adobe Premiere Pro Preview Files
2015-03-30 16:20 - 2015-04-14 02:30 - 00000000 ____D () C:\ProgramData\35ab69cc00001441
2015-03-30 16:16 - 2015-04-06 15:04 - 00000000 ____D () C:\Program Files (x86)\HTTP Headers
2015-03-30 16:15 - 2015-04-06 15:04 - 00000000 ____D () C:\Program Files (x86)\SalEEPluus
2015-03-30 16:15 - 2015-03-30 16:15 - 00000000 ____D () C:\ProgramData\leglflomamddfnaebemldglhjlhbihle
2015-03-30 16:15 - 2015-03-30 16:15 - 00000000 ____D () C:\ProgramData\2274517119249075719
2015-03-30 16:14 - 2015-04-14 02:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-30 16:14 - 2015-04-06 15:04 - 00000000 ____D () C:\ProgramData\{2f2f7393-7e90-1937-2f2f-f73937e9ce4d}
2015-03-30 16:13 - 2015-03-30 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-30 16:13 - 2015-03-30 16:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-30 16:13 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-30 16:13 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-29 17:31 - 2015-03-31 21:14 - 17310144 _____ () C:\Users\Suzilla\Desktop\DSCF1379.AVI
2015-03-29 17:13 - 2015-03-29 17:16 - 00000000 ____D () C:\Users\Suzilla\Desktop\New folder (2)
2015-03-21 01:44 - 2015-03-21 01:44 - 00104996 _____ () C:\Users\Suzilla\Documents\Untitled Project.aep
2015-03-20 23:49 - 2015-03-13 16:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-20 23:47 - 2015-03-13 20:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-20 23:47 - 2015-03-13 20:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-03-20 23:47 - 2015-03-13 20:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-03-20 23:46 - 2015-03-13 20:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-20 23:46 - 2015-03-13 20:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-20 23:46 - 2015-03-13 20:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-20 23:46 - 2015-03-13 20:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-20 23:46 - 2015-03-13 20:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-20 23:46 - 2015-03-13 20:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-20 23:46 - 2015-03-13 20:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-17 00:51 - 2015-03-17 00:51 - 04620764 _____ () C:\Users\Suzilla\Documents\ejuicemeup.zip
2015-03-15 13:52 - 2015-03-15 13:52 - 00000000 ____D () C:\Users\Suzilla\Tracing
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-14 03:12 - 2012-05-06 01:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-14 03:12 - 2011-09-30 04:23 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\Skype
2015-04-14 03:11 - 2011-09-30 04:23 - 00000000 ____D () C:\ProgramData\Skype
2015-04-14 03:09 - 2011-11-07 04:03 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\NoNameScript
2015-04-14 03:09 - 2011-09-30 20:46 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\uTorrent
2015-04-14 03:07 - 2014-06-07 18:19 - 00000000 ____D () C:\Users\Suzilla\AppData\Local\HTC MediaHub
2015-04-14 03:07 - 2013-12-06 17:14 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 03:07 - 2009-07-14 05:51 - 00027776 _____ () C:\Windows\setupact.log
2015-04-14 03:06 - 2011-10-02 14:13 - 00231702 _____ () C:\Windows\PFRO.log
2015-04-14 03:06 - 2011-10-01 03:00 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-04-14 03:06 - 2011-09-29 17:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-14 03:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-14 03:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2015-04-14 03:05 - 2011-09-29 16:06 - 01753711 _____ () C:\Windows\WindowsUpdate.log
2015-04-14 03:02 - 2013-12-06 17:14 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-14 02:30 - 2011-09-30 03:44 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-14 02:30 - 2011-09-29 17:42 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3414432899-1644431961-3641730241-1000UA.job
2015-04-13 06:30 - 2011-09-29 17:42 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3414432899-1644431961-3641730241-1000Core.job
2015-04-12 18:02 - 2011-10-02 20:36 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\vlc
2015-04-12 03:43 - 2011-10-02 13:24 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-04-12 03:42 - 2014-09-29 03:53 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\TS3Client
2015-04-11 15:22 - 2009-07-14 05:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-11 15:22 - 2009-07-14 05:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-09 20:32 - 2012-02-29 11:58 - 00000000 ____D () C:\Users\Suzilla\AppData\Local\Spotify
2015-04-09 18:24 - 2012-02-29 11:58 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\Spotify
2015-04-09 18:09 - 2012-02-29 11:58 - 00001811 _____ () C:\Users\Suzilla\Desktop\Spotify.lnk
2015-04-09 18:09 - 2012-02-29 11:58 - 00001797 _____ () C:\Users\Suzilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-08 18:07 - 2015-03-04 19:08 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3414432899-1644431961-3641730241-1000
2015-04-08 18:07 - 2015-03-04 19:07 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3414432899-1644431961-3641730241-1000
2015-04-06 16:38 - 2011-10-28 12:27 - 00000000 ____D () C:\Users\Suzilla\AppData\Local\Adobe
2015-04-06 16:37 - 2012-05-06 01:02 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-06 16:37 - 2012-05-06 01:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-06 16:37 - 2011-09-30 10:51 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-06 15:13 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-02 22:31 - 2011-09-29 17:48 - 00002374 _____ () C:\Users\Suzilla\Desktop\Google Chrome.lnk
2015-03-31 20:52 - 2014-08-08 02:40 - 00000000 ____D () C:\Users\Suzilla\Downloads\vapourecigs
2015-03-30 16:30 - 2011-10-28 12:44 - 00000000 ____D () C:\Users\Suzilla\Documents\Adobe
2015-03-30 16:13 - 2012-02-07 00:02 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-30 16:13 - 2012-02-07 00:02 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\Malwarebytes
2015-03-30 16:13 - 2012-02-07 00:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-20 23:50 - 2014-06-07 02:01 - 00000000 ____D () C:\Temp
2015-03-20 23:50 - 2012-05-28 01:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-20 23:48 - 2011-09-29 17:31 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-17 00:52 - 2014-07-08 13:17 - 00002785 _____ () C:\Users\Public\Desktop\eJuice Me Up.lnk
2015-03-15 13:52 - 2014-10-17 07:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-15 13:52 - 2011-09-29 16:23 - 00000000 ____D () C:\Users\Suzilla
 
==================== Files in the root of some directories =======
 
2011-10-28 18:03 - 2011-10-28 18:20 - 0000132 _____ () C:\Users\Suzilla\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-04-14 02:50 - 2015-04-14 02:50 - 0000020 _____ () C:\Users\Suzilla\AppData\Roaming\appdataFr3.bin
2011-10-28 15:37 - 2012-05-03 20:35 - 0001456 _____ () C:\Users\Suzilla\AppData\Local\Adobe Save for Web 12.0 Prefs
2011-10-28 21:25 - 2014-02-07 16:08 - 0005120 _____ () C:\Users\Suzilla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-09 01:49 - 2014-01-02 20:41 - 0007597 _____ () C:\Users\Suzilla\AppData\Local\Resmon.ResmonCfg
2015-03-30 16:20 - 2015-03-30 16:21 - 0011878 _____ () C:\Users\Suzilla\AppData\Local\Temp-log.txt
 
Some content of TEMP:
====================
C:\Users\Suzilla\AppData\Local\Temp\bassmod.dll
C:\Users\Suzilla\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Suzilla\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Suzilla\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Suzilla\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Suzilla\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\Suzilla\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Suzilla\AppData\Local\Temp\lowproc.exe
C:\Users\Suzilla\AppData\Local\Temp\mirc634.exe
C:\Users\Suzilla\AppData\Local\Temp\mirc722.exe
C:\Users\Suzilla\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Suzilla\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Suzilla\AppData\Local\Temp\nvStInst.exe
C:\Users\Suzilla\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_64.exe
C:\Users\Suzilla\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Suzilla\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Suzilla\AppData\Local\Temp\sfextra.dll
C:\Users\Suzilla\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Suzilla\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Suzilla\AppData\Local\Temp\stubhelper.dll
C:\Users\Suzilla\AppData\Local\Temp\tbuTor.dll
C:\Users\Suzilla\AppData\Local\Temp\uninstall.exe
C:\Users\Suzilla\AppData\Local\Temp\uttF275.tmp.exe
C:\Users\Suzilla\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\Suzilla\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Suzilla\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Suzilla\AppData\Local\Temp\wget.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-04 00:56
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by Suzilla at 2015-04-14 03:13:12
Running from C:\Users\Suzilla\Desktop\New folder (3)
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Ads Remover (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - Ads Remover) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.9.2 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.4.9.2 - ASUSTek COMPUTER INC.) Hidden
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version:  - WB Games Montreal)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eJuice Me Up (HKLM-x32\...\{399E77D0-5CEC-41CE-AC95-179E2A0B1893}) (Version: 15.3 - Breaktru Software)
eJuice Me Up (HKLM-x32\...\{7C162270-CA72-441F-8349-B0773B97586C}) (Version: 14.1 - Breaktru Software)
f.lux (HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Flux) (Version:  - )
Google Chrome (HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.11.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.13.0 - HTC)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lego Harry Potter (HKLM-x32\...\Steam App 21130) (Version:  - TT Games)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 6.34 - mIRC Co. Ltd.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
NNScript (HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\NoNameScript) (Version: 4.22 - ESNation)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{24B89186-2A56-4D28-B930-6F4FCF224E2F}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
Really Slick Screensavers 0.2 (HKLM-x32\...\ReallySlickScreensavers) (Version:  - )
RealNetworks - Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version:  - Frontier)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.32.1010 - Electronic Arts Inc.)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WallButtress (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{6247f917}) (Version:  - Software Publisher) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
YiHi SXi (HKLM-x32\...\{BA7146B9-9208-4341-87D0-A0A30064AD2D}) (Version: 1.9.0 - YiHiEcigar)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3414432899-1644431961-3641730241-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Suzilla\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3414432899-1644431961-3641730241-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Suzilla\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3414432899-1644431961-3641730241-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Suzilla\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3414432899-1644431961-3641730241-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Suzilla\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3414432899-1644431961-3641730241-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Suzilla\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3414432899-1644431961-3641730241-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Suzilla\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3414432899-1644431961-3641730241-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Suzilla\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
07-04-2015 15:18:20 Windows Update
11-04-2015 15:18:14 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2011-10-28 12:44 - 00001451 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 practivate.adobe
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate.adobe.newoa
127.0.0.1 practivate.adobe.ntp
127.0.0.1 practivate.adobe.ipp
127.0.0.1 ereg.adobe.com
127.0.0.1 ereg.wip.adobe.com
127.0.0.1 ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com
 
There are 18 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0121BB15-D876-4730-9DED-557F6DF4DB60} - System32\Tasks\{85BB894E-3910-4BAB-AACC-6F00CBB56258} => pcalua.exe -a C:\Users\Suzilla\Downloads\vapourecigs\Pearl2004_v1.2.exe -d C:\Users\Suzilla\Downloads\vapourecigs
Task: {1E75A8DF-BC30-43F9-8B18-F2B331C58994} - System32\Tasks\{DD36AC0E-DDD7-4892-9AAC-D471F9C9593B} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {2506C7A2-24EF-4A2F-A42E-36A8E0948E08} - System32\Tasks\{77F36B00-94D8-4DD9-BE6B-5632F7121898} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {329D8603-EE24-449A-8D0A-336C26E31B84} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {346D8F0A-661E-4C5F-A217-2569813E2055} - System32\Tasks\{E8605B7F-C63F-4C6B-A628-10A7AABEC785} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {34948D95-6B02-4E49-AFFC-D1D7C646E400} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3414432899-1644431961-3641730241-1000Core => C:\Users\Suzilla\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {378B3E66-D8A7-4324-A93D-CB33A5B0F9D3} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {3B7A4E33-A5B6-4584-B485-941F90DDBDC5} - System32\Tasks\{43D6963B-FA1E-4EE4-85D1-E347366DC8C5} => C:\Program Files (x86)\Origin Games\The Sims 3\Game\Bin\Sims3Launcher.exe
Task: {3D537326-9FC2-4AA2-A0CA-12BD9D725798} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06] (Google Inc.)
Task: {40848F1B-CFF4-493D-9A4E-9C829C6CCBEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06] (Google Inc.)
Task: {43687A07-B2B7-4BD2-B811-32A7A4F46484} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3414432899-1644431961-3641730241-1000UA => C:\Users\Suzilla\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {6A1739BB-F1B5-4132-9770-E8C31D6CF77B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3414432899-1644431961-3641730241-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {6DF0D315-CE47-4A45-800D-E3BFE7A48CA2} - System32\Tasks\{D685DCD5-7B27-4A90-BB0A-707D40141936} => pcalua.exe -a C:\Users\Suzilla\Downloads\PA_DRIVER-V.EXE -d C:\Users\Suzilla\Downloads
Task: {7618E86F-0142-4E33-B2AD-F8ED93418689} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3414432899-1644431961-3641730241-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {788641D7-B16D-49A4-AFFC-F9CFFA993837} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-THOR => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {84434BB8-75B7-4C53-9FD7-92D6B94B905C} - System32\Tasks\{F19669BA-3BB4-473D-AD0D-F34E112DB9C4} => C:\Program Files (x86)\MSI\Live Update 5\StartControlCenter.exe
Task: {86AE5BE2-B5C7-435C-8541-A383AE87F95F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {8EB8AD11-344D-4E4E-A832-AE084F6A8043} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3414432899-1644431961-3641730241-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {96FBD20D-EC3D-46D4-AC11-217F1DFC2041} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3414432899-1644431961-3641730241-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {98BA4B2D-15E3-48FD-A561-89B6961AEE0E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {9CF3ED2B-B557-4789-91A4-CA898492D847} - System32\Tasks\{94890C69-3B7C-425E-9E8F-D06499D26B44} => pcalua.exe -a C:\Users\Suzilla\Downloads\nnscript422.exe -d C:\Users\Suzilla\Downloads
Task: {AAA8E07C-CF3A-467A-B1A1-4079588F7854} - System32\Tasks\{144360E6-9329-4C1F-8FB4-3AD8905FE8C4} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/91900
Task: {BA4AD5C9-063C-4306-B950-1A945E65AC99} - System32\Tasks\{09A7401A-A116-454E-96B7-A106EFFA97BE} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {BF314498-D87E-4E52-B74D-C40E3816A4BD} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3414432899-1644431961-3641730241-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C3F82A5D-B881-4352-BBF5-CA182AD85231} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CBD78E4B-52C9-4AE4-BADC-F052A1A67C94} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3414432899-1644431961-3641730241-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CDE4D9AD-B07E-4934-B7DC-39F6B3167C34} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {DDAFF6A6-FBC3-43FD-A9DC-3C910AFC7E2C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3414432899-1644431961-3641730241-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E422569A-4F9C-47BA-ABA5-BE624BE755F1} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {E9F37742-3605-4F17-AC50-242294A5943D} - System32\Tasks\{87CB8583-6398-46FB-9640-06CAFE582889} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {EB7E3AAB-3C56-4BA5-B578-E15D1E9D46A0} - System32\Tasks\{45343C14-E505-472C-96B3-28E2278AFF5D} => pcalua.exe -a C:\Users\Suzilla\Downloads\vapourecigs\Pearl2004Sim_v1.exe -d C:\Users\Suzilla\Downloads\vapourecigs
Task: {F35A6AE4-DCB5-41AC-9E3A-EA82DFF34405} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-06] (Adobe Systems Incorporated)
Task: {F393B723-628D-4522-A648-61E4BDFD423A} - System32\Tasks\{315DF5FA-9DE8-429F-AB5B-C1DCABDF4806} => C:\Program Files (x86)\Steam\steamapps\common\silent hill homecoming\Bin\SilentHill.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3414432899-1644431961-3641730241-1000Core.job => C:\Users\Suzilla\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3414432899-1644431961-3641730241-1000UA.job => C:\Users\Suzilla\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-10-22 15:59 - 2015-03-13 17:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-17 12:24 - 2012-01-17 12:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-05-27 12:33 - 2014-05-27 12:33 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-05-27 12:33 - 2014-05-27 12:33 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-05-27 12:34 - 2014-05-27 12:34 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-05-27 12:35 - 2014-05-27 12:35 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2007-11-26 13:38 - 2007-11-26 13:38 - 00072192 _____ () C:\Users\Suzilla\AppData\Roaming\NoNameScript\scripts\dlls\nnscript.dll
2008-02-12 17:31 - 2008-02-12 17:31 - 00293376 _____ () C:\Users\Suzilla\AppData\Roaming\NoNameScript\scripts\dlls\dcx.dll
2015-04-02 22:31 - 2015-03-30 22:07 - 01174856 _____ () C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-02 22:31 - 2015-03-30 22:07 - 00080200 _____ () C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-02 22:31 - 2015-03-30 22:07 - 09279304 _____ () C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-02 22:31 - 2015-03-30 22:07 - 14974280 _____ () C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Suzilla\Local Settings:49ou8coKZ974A4jQnQ9Urp0ccf
AlternateDataStreams: C:\Users\Suzilla\AppData\Local:49ou8coKZ974A4jQnQ9Urp0ccf
AlternateDataStreams: C:\Users\Suzilla\AppData\Local\Application Data:49ou8coKZ974A4jQnQ9Urp0ccf
AlternateDataStreams: C:\Users\Suzilla\AppData\Local\Temporary Internet Files:0B9nRPW4muMzB3ZVc4gHRn
AlternateDataStreams: C:\Users\Suzilla\AppData\Local\Temporary Internet Files:8Ewh3o6tRnsYbNRTRk4gYwd9
AlternateDataStreams: C:\Users\Suzilla\AppData\Local\zHF8MzwDlaU7:psghxyLmEPG0mi2niX9ENSnQD
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Suzilla\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3414432899-1644431961-3641730241-500 - Administrator - Disabled)
Guest (S-1-5-21-3414432899-1644431961-3641730241-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3414432899-1644431961-3641730241-1008 - Limited - Enabled)
Mcx1-THOR (S-1-5-21-3414432899-1644431961-3641730241-1013 - Limited - Enabled) => C:\Users\Mcx1-THOR
Suzilla (S-1-5-21-3414432899-1644431961-3641730241-1000 - Administrator - Enabled) => C:\Users\Suzilla
 
==================== Faulty Device Manager Devices =============
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Marvell 91xx Config ATA Device
Description: Marvell 91xx Config ATA Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/14/2015 03:08:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000004e4e4
Faulting process id: 0x8f0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (04/13/2015 02:55:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/11/2015 01:25:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/10/2015 02:49:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/08/2015 11:40:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/08/2015 00:45:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/07/2015 02:20:03 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/06/2015 02:26:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/05/2015 03:37:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/04/2015 00:47:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (04/14/2015 03:12:09 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (04/14/2015 03:11:35 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
 
Error: (04/14/2015 03:07:20 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%886
 
Error Code: 0x80070005
 
Error description: Access is denied. 
 
Reason: %%892
 
Error: (04/14/2015 03:07:19 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (04/07/2015 03:17:21 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (04/07/2015 03:17:18 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (04/06/2015 03:20:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (04/06/2015 03:17:18 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (04/06/2015 03:07:22 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (04/06/2015 03:07:22 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%886
 
Error Code: 0x80070005
 
Error description: Access is denied. 
 
Reason: %%892
 
 
Microsoft Office Sessions:
=========================
Error: (04/14/2015 03:08:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e48f001d07657ab7a693aC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll1eebe6fd-e24b-11e4-abe8-6c626d6b7a39
 
Error: (04/13/2015 02:55:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (04/11/2015 01:25:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (04/10/2015 02:49:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (04/08/2015 11:40:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (04/08/2015 00:45:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (04/07/2015 02:20:03 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (04/06/2015 02:26:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (04/05/2015 03:37:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (04/04/2015 00:47:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 35%
Total physical RAM: 8183.11 MB
Available physical RAM: 5259.04 MB
Total Pagefile: 16364.41 MB
Available Pagefile: 13204.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.79 GB) (Free:48.62 GB) NTFS
Drive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: (Mass Storage) (Fixed) (Total:931.41 GB) (Free:153.57 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B6C637CC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0B548A72)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 


#2
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that. Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.
 
Did we get it?

#3
Stuzilla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-04-2015
Ran by Suzilla at 2015-04-14 11:17:51 Run:1
Running from C:\Users\Suzilla\Desktop\New folder (3)
Loaded Profiles: Suzilla (Available profiles: Suzilla & Mcx1-THOR)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
ShortcutTarget: GarageBand.lnk -> C:\ProgramData\{2f2f7393-7e90-1937-2f2f-f73937e9ce4d}\GarageBand.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coo...&cc=GB&unqvl=85
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coo...&cc=GB&unqvl=85
SearchScopes: HKU\S-1-5-21-3414432899-1644431961-3641730241-1000 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coo...&cc=GB&unqvl=85
SearchScopes: HKU\S-1-5-21-3414432899-1644431961-3641730241-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coo...&cc=GB&unqvl=85
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S2 NMSAccess; "C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe"  [X]
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va005; \??\C:\Users\Suzilla\AppData\Local\Temp\005C20E.tmp [X]
S3 X6va006; \??\C:\Users\Suzilla\AppData\Local\Temp\00610E.tmp [X]
2015-04-14 02:29 - 2015-04-14 03:06 - 00000000 ____D () C:\Program Files (x86)\WallButtress
2015-03-30 16:20 - 2015-04-14 02:30 - 00000000 ____D () C:\ProgramData\35ab69cc00001441
2015-03-30 16:16 - 2015-04-06 15:04 - 00000000 ____D () C:\Program Files (x86)\HTTP Headers
2015-03-30 16:15 - 2015-04-06 15:04 - 00000000 ____D () C:\Program Files (x86)\SalEEPluus
2015-03-30 16:15 - 2015-03-30 16:15 - 00000000 ____D () C:\ProgramData\leglflomamddfnaebemldglhjlhbihle
2015-03-30 16:15 - 2015-03-30 16:15 - 00000000 ____D () C:\ProgramData\2274517119249075719
2015-03-30 16:14 - 2015-04-06 15:04 - 00000000 ____D () C:\ProgramData\{2f2f7393-7e90-1937-2f2f-f73937e9ce4d}
C:\Users\Suzilla\AppData\Local\Temp\bassmod.dll
C:\Users\Suzilla\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Suzilla\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Suzilla\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Suzilla\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Suzilla\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\Suzilla\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Suzilla\AppData\Local\Temp\lowproc.exe
C:\Users\Suzilla\AppData\Local\Temp\mirc634.exe
C:\Users\Suzilla\AppData\Local\Temp\mirc722.exe
C:\Users\Suzilla\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Suzilla\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Suzilla\AppData\Local\Temp\nvStInst.exe
C:\Users\Suzilla\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_64.exe
C:\Users\Suzilla\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Suzilla\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Suzilla\AppData\Local\Temp\stubhelper.dll
C:\Users\Suzilla\AppData\Local\Temp\tbuTor.dll
C:\Users\Suzilla\AppData\Local\Temp\uninstall.exe
C:\Users\Suzilla\AppData\Local\Temp\uttF275.tmp.exe
C:\Users\Suzilla\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\Suzilla\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Suzilla\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Suzilla\AppData\Local\Temp\wget.exe
CustomCLSID: HKU\S-1-5-21-3414432899-1644431961-3641730241-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Suzilla\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3414432899-1644431961-3641730241-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Suzilla\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3414432899-1644431961-3641730241-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Suzilla\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3414432899-1644431961-3641730241-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Suzilla\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3414432899-1644431961-3641730241-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Suzilla\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3414432899-1644431961-3641730241-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Suzilla\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3414432899-1644431961-3641730241-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Suzilla\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
AlternateDataStreams: C:\Users\Suzilla\Local Settings:49ou8coKZ974A4jQnQ9Urp0ccf
AlternateDataStreams: C:\Users\Suzilla\AppData\Local:49ou8coKZ974A4jQnQ9Urp0ccf
AlternateDataStreams: C:\Users\Suzilla\AppData\Local\Application Data:49ou8coKZ974A4jQnQ9Urp0ccf
AlternateDataStreams: C:\Users\Suzilla\AppData\Local\Temporary Internet Files:0B9nRPW4muMzB3ZVc4gHRn
AlternateDataStreams: C:\Users\Suzilla\AppData\Local\Temporary Internet Files:8Ewh3o6tRnsYbNRTRk4gYwd9
AlternateDataStreams: C:\Users\Suzilla\AppData\Local\zHF8MzwDlaU7:psghxyLmEPG0mi2niX9ENSnQD 
 
*****************
 
C:\ProgramData\{2f2f7393-7e90-1937-2f2f-f73937e9ce4d}\GarageBand.exe not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found. 
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found. 
NMIndexingService => Service deleted successfully.
NMSAccess => Service deleted successfully.
IOMap => Unable to stop service
IOMap => Error deleting Service
lmimirr => Service deleted successfully.
MSI_MSIBIOS_010507 => Service deleted successfully.
NTIOLib_1_0_4 => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
X6va005 => Service deleted successfully.
X6va006 => Service deleted successfully.
C:\Program Files (x86)\WallButtress => Moved successfully.
C:\ProgramData\35ab69cc00001441 => Moved successfully.
C:\Program Files (x86)\HTTP Headers => Moved successfully.
C:\Program Files (x86)\SalEEPluus => Moved successfully.
C:\ProgramData\leglflomamddfnaebemldglhjlhbihle => Moved successfully.
C:\ProgramData\2274517119249075719 => Moved successfully.
C:\ProgramData\{2f2f7393-7e90-1937-2f2f-f73937e9ce4d} => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\bassmod.dll => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\drm_dyndata_7400009.dll => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\mirc634.exe => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\mirc722.exe => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\nvSCPAPI64.dll => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_64.exe => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\SpotifyUpgrader.exe => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\tbuTor.dll => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\uninstall.exe => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\uttF275.tmp.exe => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\vlc-2.0.2-win32.exe => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\vlc-2.0.5-win32.exe => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\vlc-2.0.6-win32.exe => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\wget.exe => Moved successfully.
"HKU\S-1-5-21-3414432899-1644431961-3641730241-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-3414432899-1644431961-3641730241-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-3414432899-1644431961-3641730241-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-3414432899-1644431961-3641730241-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => Key deleted successfully.
"HKU\S-1-5-21-3414432899-1644431961-3641730241-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
"HKU\S-1-5-21-3414432899-1644431961-3641730241-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
"HKU\S-1-5-21-3414432899-1644431961-3641730241-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"C:\Users\Suzilla\Local Settings" => ":49ou8coKZ974A4jQnQ9Urp0ccf" ADS not found.
C:\Users\Suzilla\AppData\Local => ":49ou8coKZ974A4jQnQ9Urp0ccf" ADS removed successfully.
"C:\Users\Suzilla\AppData\Local\Application Data" => ":49ou8coKZ974A4jQnQ9Urp0ccf" ADS not found.
"C:\Users\Suzilla\AppData\Local\Temporary Internet Files" => ":0B9nRPW4muMzB3ZVc4gHRn" ADS not found.
"C:\Users\Suzilla\AppData\Local\Temporary Internet Files" => ":8Ewh3o6tRnsYbNRTRk4gYwd9" ADS not found.
C:\Users\Suzilla\AppData\Local\zHF8MzwDlaU7 => ":psghxyLmEPG0mi2niX9ENSnQD" ADS removed successfully.
 
==== End of Fixlog 11:17:59 ====
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by Suzilla (administrator) on THOR on 14-04-2015 11:21:12
Running from C:\Users\Suzilla\Desktop\New folder (3)
Loaded Profiles: Suzilla (Available profiles: Suzilla & Mcx1-THOR)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(mIRC Co. Ltd.) C:\Program Files (x86)\mIRC\mirc.exe
(Spotify Ltd) C:\Users\Suzilla\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Suzilla\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-10-28] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [Google Update] => C:\Users\Suzilla\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-09] (Valve Corporation)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [F.lux] => C:\Users\Suzilla\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [Spotify Web Helper] => C:\Users\Suzilla\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-09] (Spotify Ltd)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [uTorrent] => C:\Users\Suzilla\AppData\Roaming\uTorrent\uTorrent.exe [1742928 2015-03-04] (BitTorrent Inc.)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31683168 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [Spotify] => C:\Users\Suzilla\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-09] (Spotify Ltd)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\MountPoints2: {f6352834-ed89-11e3-a910-6c626d6b7a39} - J:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\Flux.scr [286720 2010-06-24] ()
Startup: C:\Users\Suzilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GarageBand.lnk
ShortcutTarget: GarageBand.lnk -> C:\ProgramData\{2f2f7393-7e90-1937-2f2f-f73937e9ce4d}\GarageBand.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3414432899-1644431961-3641730241-1000 -> {F89009D2-2A23-4629-955A-BE81FE6815E0} URL = http://uk.search.yah...p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: No Name -> {29AAADC9-DA30-4264-BCC4-D447F7146FC1} ->  No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-23] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-23] (Oracle Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-06] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-10-28] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-10-28] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3414432899-1644431961-3641730241-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Suzilla\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-3414432899-1644431961-3641730241-1000: @talk.google.com/O1DPlugin -> C:\Users\Suzilla\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-3414432899-1644431961-3641730241-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Suzilla\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3414432899-1644431961-3641730241-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Suzilla\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Suzilla\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Suzilla\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-28]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> google.co.uk
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Google Cast) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-10-23]
CHR Extension: (Google Search) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (Radioplayer) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch [2014-07-28]
CHR Extension: (Hate Me Theme) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjphappdihjiebpjehhopffddlpihaep [2011-09-29]
CHR Extension: (AdBlock) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-14]
CHR Extension: (Google Wallet) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
StartMenuInternet: Google Chrome - C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-04-02] (Nero AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-17] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NETMD760; C:\Windows\System32\Drivers\NETMD760.sys [19456 2012-03-28] (Sony Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 StMp3Recx64; C:\Windows\System32\Drivers\StMp3Recx64.sys [26112 2007-01-12] (Generic)
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [260608 2012-02-27] (Jungo)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-14 02:50 - 2015-04-14 03:17 - 00000020 _____ () C:\Users\Suzilla\AppData\Roaming\appdataFr3.bin
2015-04-14 02:49 - 2015-04-14 11:21 - 00000000 ____D () C:\FRST
2015-04-14 02:48 - 2015-04-14 11:21 - 00000000 ____D () C:\Users\Suzilla\Desktop\New folder (3)
2015-04-07 23:31 - 2015-04-07 23:31 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\Mozilla
2015-04-06 15:12 - 2015-04-14 03:07 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3414432899-1644431961-3641730241-1000
2015-04-06 15:11 - 2015-04-14 03:07 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3414432899-1644431961-3641730241-1000
2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-31 21:05 - 2015-03-31 21:05 - 00000000 ____D () C:\Users\Suzilla\Desktop\Vapour ecigs
2015-03-31 21:04 - 2015-03-31 21:04 - 00043101 _____ () C:\Users\Suzilla\Documents\Untitled Project.prproj
2015-03-31 21:04 - 2015-03-31 21:04 - 00000000 ____D () C:\Users\Suzilla\Documents\Adobe Premiere Pro Preview Files
2015-03-30 16:14 - 2015-04-14 11:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-30 16:13 - 2015-03-30 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-30 16:13 - 2015-03-30 16:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-30 16:13 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-30 16:13 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-29 17:31 - 2015-03-31 21:14 - 17310144 _____ () C:\Users\Suzilla\Desktop\DSCF1379.AVI
2015-03-29 17:13 - 2015-03-29 17:16 - 00000000 ____D () C:\Users\Suzilla\Desktop\New folder (2)
2015-03-21 01:44 - 2015-03-21 01:44 - 00104996 _____ () C:\Users\Suzilla\Documents\Untitled Project.aep
2015-03-20 23:49 - 2015-03-13 16:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-20 23:47 - 2015-03-13 20:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-20 23:47 - 2015-03-13 20:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-03-20 23:47 - 2015-03-13 20:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-03-20 23:46 - 2015-03-13 20:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-20 23:46 - 2015-03-13 20:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-20 23:46 - 2015-03-13 20:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-20 23:46 - 2015-03-13 20:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-20 23:46 - 2015-03-13 20:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-20 23:46 - 2015-03-13 20:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-20 23:46 - 2015-03-13 20:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-17 00:51 - 2015-03-17 00:51 - 04620764 _____ () C:\Users\Suzilla\Documents\ejuicemeup.zip
2015-03-15 13:52 - 2015-03-15 13:52 - 00000000 ____D () C:\Users\Suzilla\Tracing
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-14 11:12 - 2012-05-06 01:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-14 11:02 - 2013-12-06 17:14 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-14 10:30 - 2011-09-29 17:42 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3414432899-1644431961-3641730241-1000UA.job
2015-04-14 08:00 - 2011-09-29 16:06 - 01783973 _____ () C:\Windows\WindowsUpdate.log
2015-04-14 06:30 - 2011-09-29 17:42 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3414432899-1644431961-3641730241-1000Core.job
2015-04-14 03:18 - 2011-11-07 04:03 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\NoNameScript
2015-04-14 03:14 - 2009-07-14 05:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-14 03:14 - 2009-07-14 05:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-14 03:13 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-14 03:12 - 2011-09-30 04:23 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\Skype
2015-04-14 03:11 - 2011-09-30 04:23 - 00000000 ____D () C:\ProgramData\Skype
2015-04-14 03:09 - 2011-09-30 20:46 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\uTorrent
2015-04-14 03:07 - 2014-06-07 18:19 - 00000000 ____D () C:\Users\Suzilla\AppData\Local\HTC MediaHub
2015-04-14 03:07 - 2013-12-06 17:14 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 03:07 - 2009-07-14 05:51 - 00027776 _____ () C:\Windows\setupact.log
2015-04-14 03:06 - 2011-10-02 14:13 - 00231702 _____ () C:\Windows\PFRO.log
2015-04-14 03:06 - 2011-10-01 03:00 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-04-14 03:06 - 2011-09-29 17:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-14 03:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-14 03:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2015-04-14 02:30 - 2011-09-30 03:44 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-12 18:02 - 2011-10-02 20:36 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\vlc
2015-04-12 03:43 - 2011-10-02 13:24 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-04-12 03:42 - 2014-09-29 03:53 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\TS3Client
2015-04-09 20:32 - 2012-02-29 11:58 - 00000000 ____D () C:\Users\Suzilla\AppData\Local\Spotify
2015-04-09 18:24 - 2012-02-29 11:58 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\Spotify
2015-04-09 18:09 - 2012-02-29 11:58 - 00001811 _____ () C:\Users\Suzilla\Desktop\Spotify.lnk
2015-04-09 18:09 - 2012-02-29 11:58 - 00001797 _____ () C:\Users\Suzilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-08 18:07 - 2015-03-04 19:08 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3414432899-1644431961-3641730241-1000
2015-04-08 18:07 - 2015-03-04 19:07 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3414432899-1644431961-3641730241-1000
2015-04-06 16:38 - 2011-10-28 12:27 - 00000000 ____D () C:\Users\Suzilla\AppData\Local\Adobe
2015-04-06 16:37 - 2012-05-06 01:02 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-06 16:37 - 2012-05-06 01:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-06 16:37 - 2011-09-30 10:51 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-02 22:31 - 2011-09-29 17:48 - 00002374 _____ () C:\Users\Suzilla\Desktop\Google Chrome.lnk
2015-03-31 20:52 - 2014-08-08 02:40 - 00000000 ____D () C:\Users\Suzilla\Downloads\vapourecigs
2015-03-30 16:30 - 2011-10-28 12:44 - 00000000 ____D () C:\Users\Suzilla\Documents\Adobe
2015-03-30 16:13 - 2012-02-07 00:02 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-30 16:13 - 2012-02-07 00:02 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\Malwarebytes
2015-03-30 16:13 - 2012-02-07 00:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-20 23:50 - 2014-06-07 02:01 - 00000000 ____D () C:\Temp
2015-03-20 23:50 - 2012-05-28 01:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-20 23:48 - 2011-09-29 17:31 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-17 00:52 - 2014-07-08 13:17 - 00002785 _____ () C:\Users\Public\Desktop\eJuice Me Up.lnk
2015-03-15 13:52 - 2014-10-17 07:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-15 13:52 - 2011-09-29 16:23 - 00000000 ____D () C:\Users\Suzilla
 
==================== Files in the root of some directories =======
 
2011-10-28 18:03 - 2011-10-28 18:20 - 0000132 _____ () C:\Users\Suzilla\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-04-14 02:50 - 2015-04-14 03:17 - 0000020 _____ () C:\Users\Suzilla\AppData\Roaming\appdataFr3.bin
2011-10-28 15:37 - 2012-05-03 20:35 - 0001456 _____ () C:\Users\Suzilla\AppData\Local\Adobe Save for Web 12.0 Prefs
2011-10-28 21:25 - 2014-02-07 16:08 - 0005120 _____ () C:\Users\Suzilla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-09 01:49 - 2014-01-02 20:41 - 0007597 _____ () C:\Users\Suzilla\AppData\Local\Resmon.ResmonCfg
2015-03-30 16:20 - 2015-03-30 16:21 - 0011878 _____ () C:\Users\Suzilla\AppData\Local\Temp-log.txt
 
Some content of TEMP:
====================
C:\Users\Suzilla\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Suzilla\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Suzilla\AppData\Local\Temp\sfextra.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-14 03:59
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by Suzilla at 2015-04-14 11:21:33
Running from C:\Users\Suzilla\Desktop\New folder (3)
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Ads Remover (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - Ads Remover) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.9.2 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.4.9.2 - ASUSTek COMPUTER INC.) Hidden
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version:  - WB Games Montreal)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eJuice Me Up (HKLM-x32\...\{399E77D0-5CEC-41CE-AC95-179E2A0B1893}) (Version: 15.3 - Breaktru Software)
eJuice Me Up (HKLM-x32\...\{7C162270-CA72-441F-8349-B0773B97586C}) (Version: 14.1 - Breaktru Software)
f.lux (HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Flux) (Version:  - )
Google Chrome (HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.11.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.13.0 - HTC)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lego Harry Potter (HKLM-x32\...\Steam App 21130) (Version:  - TT Games)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 6.34 - mIRC Co. Ltd.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
NNScript (HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\NoNameScript) (Version: 4.22 - ESNation)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{24B89186-2A56-4D28-B930-6F4FCF224E2F}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
Really Slick Screensavers 0.2 (HKLM-x32\...\ReallySlickScreensavers) (Version:  - )
RealNetworks - Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version:  - Frontier)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.32.1010 - Electronic Arts Inc.)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WallButtress (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{6247f917}) (Version:  - Software Publisher) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
YiHi SXi (HKLM-x32\...\{BA7146B9-9208-4341-87D0-A0A30064AD2D}) (Version: 1.9.0 - YiHiEcigar)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
07-04-2015 15:18:20 Windows Update
11-04-2015 15:18:14 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2011-10-28 12:44 - 00001451 ____A C:\Windows\system32\Drivers\etc\hosts
 
There are 18 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0121BB15-D876-4730-9DED-557F6DF4DB60} - System32\Tasks\{85BB894E-3910-4BAB-AACC-6F00CBB56258} => pcalua.exe -a C:\Users\Suzilla\Downloads\vapourecigs\Pearl2004_v1.2.exe -d C:\Users\Suzilla\Downloads\vapourecigs
Task: {1E75A8DF-BC30-43F9-8B18-F2B331C58994} - System32\Tasks\{DD36AC0E-DDD7-4892-9AAC-D471F9C9593B} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {2506C7A2-24EF-4A2F-A42E-36A8E0948E08} - System32\Tasks\{77F36B00-94D8-4DD9-BE6B-5632F7121898} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {329D8603-EE24-449A-8D0A-336C26E31B84} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {346D8F0A-661E-4C5F-A217-2569813E2055} - System32\Tasks\{E8605B7F-C63F-4C6B-A628-10A7AABEC785} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {34948D95-6B02-4E49-AFFC-D1D7C646E400} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3414432899-1644431961-3641730241-1000Core => C:\Users\Suzilla\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {378B3E66-D8A7-4324-A93D-CB33A5B0F9D3} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {3B7A4E33-A5B6-4584-B485-941F90DDBDC5} - System32\Tasks\{43D6963B-FA1E-4EE4-85D1-E347366DC8C5} => C:\Program Files (x86)\Origin Games\The Sims 3\Game\Bin\Sims3Launcher.exe
Task: {3D537326-9FC2-4AA2-A0CA-12BD9D725798} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06] (Google Inc.)
Task: {40848F1B-CFF4-493D-9A4E-9C829C6CCBEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06] (Google Inc.)
Task: {43687A07-B2B7-4BD2-B811-32A7A4F46484} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3414432899-1644431961-3641730241-1000UA => C:\Users\Suzilla\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {6A1739BB-F1B5-4132-9770-E8C31D6CF77B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3414432899-1644431961-3641730241-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {6DF0D315-CE47-4A45-800D-E3BFE7A48CA2} - System32\Tasks\{D685DCD5-7B27-4A90-BB0A-707D40141936} => pcalua.exe -a C:\Users\Suzilla\Downloads\PA_DRIVER-V.EXE -d C:\Users\Suzilla\Downloads
Task: {7618E86F-0142-4E33-B2AD-F8ED93418689} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3414432899-1644431961-3641730241-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {788641D7-B16D-49A4-AFFC-F9CFFA993837} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-THOR => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {84434BB8-75B7-4C53-9FD7-92D6B94B905C} - System32\Tasks\{F19669BA-3BB4-473D-AD0D-F34E112DB9C4} => C:\Program Files (x86)\MSI\Live Update 5\StartControlCenter.exe
Task: {86AE5BE2-B5C7-435C-8541-A383AE87F95F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {8EB8AD11-344D-4E4E-A832-AE084F6A8043} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3414432899-1644431961-3641730241-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {96FBD20D-EC3D-46D4-AC11-217F1DFC2041} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3414432899-1644431961-3641730241-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {98BA4B2D-15E3-48FD-A561-89B6961AEE0E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {9CF3ED2B-B557-4789-91A4-CA898492D847} - System32\Tasks\{94890C69-3B7C-425E-9E8F-D06499D26B44} => pcalua.exe -a C:\Users\Suzilla\Downloads\nnscript422.exe -d C:\Users\Suzilla\Downloads
Task: {AAA8E07C-CF3A-467A-B1A1-4079588F7854} - System32\Tasks\{144360E6-9329-4C1F-8FB4-3AD8905FE8C4} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/91900
Task: {BA4AD5C9-063C-4306-B950-1A945E65AC99} - System32\Tasks\{09A7401A-A116-454E-96B7-A106EFFA97BE} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {BF314498-D87E-4E52-B74D-C40E3816A4BD} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3414432899-1644431961-3641730241-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C3F82A5D-B881-4352-BBF5-CA182AD85231} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CBD78E4B-52C9-4AE4-BADC-F052A1A67C94} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3414432899-1644431961-3641730241-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CDE4D9AD-B07E-4934-B7DC-39F6B3167C34} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {DDAFF6A6-FBC3-43FD-A9DC-3C910AFC7E2C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3414432899-1644431961-3641730241-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E422569A-4F9C-47BA-ABA5-BE624BE755F1} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {E9F37742-3605-4F17-AC50-242294A5943D} - System32\Tasks\{87CB8583-6398-46FB-9640-06CAFE582889} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {EB7E3AAB-3C56-4BA5-B578-E15D1E9D46A0} - System32\Tasks\{45343C14-E505-472C-96B3-28E2278AFF5D} => pcalua.exe -a C:\Users\Suzilla\Downloads\vapourecigs\Pearl2004Sim_v1.exe -d C:\Users\Suzilla\Downloads\vapourecigs
Task: {F35A6AE4-DCB5-41AC-9E3A-EA82DFF34405} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-06] (Adobe Systems Incorporated)
Task: {F393B723-628D-4522-A648-61E4BDFD423A} - System32\Tasks\{315DF5FA-9DE8-429F-AB5B-C1DCABDF4806} => C:\Program Files (x86)\Steam\steamapps\common\silent hill homecoming\Bin\SilentHill.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3414432899-1644431961-3641730241-1000Core.job => C:\Users\Suzilla\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3414432899-1644431961-3641730241-1000UA.job => C:\Users\Suzilla\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-10-22 15:59 - 2015-03-13 17:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-17 12:24 - 2012-01-17 12:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-05-27 12:33 - 2014-05-27 12:33 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-05-27 12:33 - 2014-05-27 12:33 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-05-27 12:34 - 2014-05-27 12:34 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-05-27 12:35 - 2014-05-27 12:35 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2007-11-26 13:38 - 2007-11-26 13:38 - 00072192 _____ () C:\Users\Suzilla\AppData\Roaming\NoNameScript\scripts\dlls\nnscript.dll
2008-02-12 17:31 - 2008-02-12 17:31 - 00293376 _____ () C:\Users\Suzilla\AppData\Roaming\NoNameScript\scripts\dlls\dcx.dll
2015-04-02 22:31 - 2015-03-30 22:07 - 01174856 _____ () C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-02 22:31 - 2015-03-30 22:07 - 00080200 _____ () C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-02 22:31 - 2015-03-30 22:07 - 09279304 _____ () C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-02 22:31 - 2015-03-30 22:07 - 14974280 _____ () C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Suzilla\AppData\Local\Temporary Internet Files:0B9nRPW4muMzB3ZVc4gHRn
AlternateDataStreams: C:\Users\Suzilla\AppData\Local\Temporary Internet Files:8Ewh3o6tRnsYbNRTRk4gYwd9
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Suzilla\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3414432899-1644431961-3641730241-500 - Administrator - Disabled)
Guest (S-1-5-21-3414432899-1644431961-3641730241-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3414432899-1644431961-3641730241-1008 - Limited - Enabled)
Mcx1-THOR (S-1-5-21-3414432899-1644431961-3641730241-1013 - Limited - Enabled) => C:\Users\Mcx1-THOR
Suzilla (S-1-5-21-3414432899-1644431961-3641730241-1000 - Administrator - Enabled) => C:\Users\Suzilla
 
==================== Faulty Device Manager Devices =============
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Marvell 91xx Config ATA Device
Description: Marvell 91xx Config ATA Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/14/2015 04:02:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/14/2015 03:08:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000004e4e4
Faulting process id: 0x8f0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (04/13/2015 02:55:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/11/2015 01:25:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/10/2015 02:49:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/08/2015 11:40:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/08/2015 00:45:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/07/2015 02:20:03 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/06/2015 02:26:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/05/2015 03:37:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (04/14/2015 03:16:34 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (04/14/2015 03:16:30 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (04/14/2015 03:12:09 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (04/14/2015 03:11:35 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
 
Error: (04/14/2015 03:07:20 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%886
 
Error Code: 0x80070005
 
Error description: Access is denied. 
 
Reason: %%892
 
Error: (04/14/2015 03:07:19 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (04/07/2015 03:17:21 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (04/07/2015 03:17:18 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (04/06/2015 03:20:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (04/06/2015 03:17:18 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (04/14/2015 04:02:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (04/14/2015 03:08:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e48f001d07657ab7a693aC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll1eebe6fd-e24b-11e4-abe8-6c626d6b7a39
 
Error: (04/13/2015 02:55:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (04/11/2015 01:25:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (04/10/2015 02:49:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (04/08/2015 11:40:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (04/08/2015 00:45:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (04/07/2015 02:20:03 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (04/06/2015 02:26:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (04/05/2015 03:37:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 33%
Total physical RAM: 8183.11 MB
Available physical RAM: 5422.06 MB
Total Pagefile: 16364.41 MB
Available Pagefile: 13224.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.79 GB) (Free:47.52 GB) NTFS
Drive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: (Mass Storage) (Fixed) (Total:931.41 GB) (Free:153.57 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B6C637CC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0B548A72)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
here's the logs just running mbam now to see if that picks anything else up
 


#4
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

So how did we do?

 

Clear the Java Cache by following the instructions on
 
You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java 8 Update 31 
JavaFX 2.1.1 
 
Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
 
If you feel you must have Java:
Get the latest Java at:
 
Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
 
(If you also want the 64 bit version then use the 64 bit version of IE to get it.)
 
Uninstall RealPlayer  - it's causing an error.
 
FRST removed the folder for WallButress so it probably won't uninstall, but it might say it has already been uninstalled and ask whether it should remove the entry from the uninstall list.  Tell it yes if it asks.
 
 
Let's see if it did any damage:
 
 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
 
Copy the next two lines:


findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)

The stuff in the box above is only needed if SFC says it wasn't able to fix everything or if it crashes.  In either case please do the next step.

 

 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 
 

  • 0

#5
Stuzilla


    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Here's the log after all that.

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 14/04/2015 18:24:21
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/04/2015 17:09:54
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureCommand with the following error:  Access is denied.
 
Log: 'System' Date/Time: 14/04/2015 17:08:43
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
 
Log: 'System' Date/Time: 14/04/2015 16:58:54
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
 
Log: 'System' Date/Time: 14/04/2015 16:58:54
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x80070005   Error description: Access is denied.   Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 14/04/2015 18:23:12
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/04/2015 16:56:46
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-3414432899-1644431961-3641730241-1000:
Process 6768 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3414432899-1644431961-3641730241-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
 
 

  • 0
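One way to triage the VEW report above before reading it line by line, as an added example (not part of the thread and not VEW's own code): it parses the System-log records posted in #5, counts them by source and event ID, flags errors raised by an anti-malware source, and lists what else was logged within a minute of each. The function names, the keyword list and the 60-second window are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Records copied from the 'System' Log - Error Type section of the report in post #5.
SAMPLE = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/04/2015 17:09:54
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureCommand with the following error:  Access is denied.

Log: 'System' Date/Time: 14/04/2015 17:08:43
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for Start with the following error:  Access is denied.

Log: 'System' Date/Time: 14/04/2015 16:58:54
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for Start with the following error:  Access is denied.

Log: 'System' Date/Time: 14/04/2015 16:58:54
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x80070005   Error description: Access is denied.   Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: "
                    r"(?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s*$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<category>\d+)\s*$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+?)\s*$")
HRESULT = re.compile(r"Error Code: (0x[0-9A-Fa-f]{8})")

# Hypothetical keyword list: substrings of event sources that belong to
# Microsoft's protection products. Extend it for other vendors as needed.
PROTECTION_KEYWORDS = ("antimalware", "defender", "security essentials")


def parse_vew(text):
    """Return one dict per record; separator and section-title lines are skipped."""
    lines = text.splitlines()
    events, i = [], 0
    while i < len(lines):
        head = HEADER.match(lines[i])
        if not head or i + 2 >= len(lines):
            i += 1
            continue
        kind, ident = TYPE.match(lines[i + 1]), EVENT.match(lines[i + 2])
        if not (kind and ident):
            i += 1  # truncated record: resynchronise on the next header
            continue
        i += 3
        message = []
        # The message runs until a blank line, a separator or the next record.
        while (i < len(lines) and lines[i].strip()
               and not lines[i].startswith(("~", "Log: "))):
            message.append(lines[i].strip())
            i += 1
        events.append({
            "log": head["log"],
            # The report states that dates are dd/mm/yyyy.
            "when": datetime.strptime(head["when"], "%d/%m/%Y %H:%M:%S"),
            "type": kind["type"],
            "event_id": int(ident["id"]),
            "source": ident["source"],
            "message": " ".join(message),
        })
    return events


def summarise(events):
    """Count records per (source, event ID) so repeats stand out."""
    return Counter((e["source"], e["event_id"]) for e in events)


def protection_failures(events):
    """Errors logged by a protection product, with the error code if present."""
    hits = []
    for e in events:
        source = e["source"].lower()
        if e["type"] == "Error" and any(k in source for k in PROTECTION_KEYWORDS):
            code = HRESULT.search(e["message"])
            hits.append({**e, "hresult": code.group(1) if code else None})
    return hits


def neighbours(events, anchor, window=timedelta(seconds=60)):
    """Other records logged within `window` of the anchor record."""
    def key(e):
        return (e["when"], e["event_id"], e["source"])
    return [e for e in events
            if key(e) != key(anchor) and abs(e["when"] - anchor["when"]) <= window]


if __name__ == "__main__":
    parsed = parse_vew(SAMPLE)
    for (source, event_id), count in summarise(parsed).most_common():
        print(f"{count:>3}  {source}  event {event_id}")
    for failure in protection_failures(parsed):
        print("protection failure:", failure["event_id"], failure["hresult"])
        for near in neighbours(parsed, failure):
            print("   same minute:", near["source"], near["event_id"], near["message"])
```
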

#6
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Looks like Microsoft Security Essentials is broken.  I would download the free Avast:

 

 
 
 
Download, Save but don't install yet.  Uninstall Microsoft Security Essentials, reboot then right click on the downloaded file and Run As Administrator.
 Uncheck any offered software like Google toolbar, or Chrome.  After the next reboot they have been offering dropbox.  You can uncheck that.  Do not accept the offer for a free trial.  Stick with the basic service.
 
 Some people object to the voice notification of updates.  To turn it off, click on the Avast ball then on Settings then on Appearance.  Then on Sounds and uncheck Automatic Updates, OK.  (It will still update; it just won't tell you about it in a loud voice in the middle of the night.)
 
They have also started using their info popup to try and get you to upgrade so I go into Settings, Appearance, Popups and change the first two to 1 second.  Their Browser Cleanup is not so user friendly since it wants to reset your home page and search engine to Yahoo so I go into Settings, Tools, and turn it off.
 
If you haven't registered already then right click on the orange ball and select Registration Information and click on the link.  (They just want your name and email address).  The registration is good for 12-14 months then you will need to register again.  They will, of course, try to talk you into buying the product but you can always register again for another year free tho it may not be the default.  Look for the Basic option.
 
Tonight, after it has updated I want you to let it run a full boot-time scan.  This takes around 6 hours so you want to let it run while you sleep.
 
 How to do a boot-time scan while you sleep:
First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scan, then Scan for Viruses and wait a couple of minutes for the page to change.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads, click on the Orange Ball, then Scan, then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  You may need to enable seeing hidden files in order to see the file, so: Open the Control Panel menu and click Folder Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Press the Apply button and then the OK button
 
If you can't find it then take a screen shot of the Detailed Report:
Press the Alt + the Print Screen key on your keyboard. It may be labeled [PrtScn].
 
Open Microsoft Paint (All Programs, Accessories,Paint).
 
Go to the Edit menu and choose Paste (or just do Ctrl + v) and the image should appear.
 
 
Go to the File Menu and choose Save As.
 
Navigate to the folder where you want to save the image.  (Desktop)
 
Type a file name for the image: Avast
 
Select a file type. jpeg 
 
Click the Save button.
 
Attach Avast.jpg to your Reply.
 
(Start a Reply.  Click on More Reply Options then on Choose File, point it at your desktop and click on Avast.jpg then Open.  Now click on Attach this File.)  Then when done you can Add Reply.

 


  • 0

#7
Stuzilla


    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
04/15/2015 01:12
Scan of all local drives
 
File C:\Users\Suzilla\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZULRDFA3\AppleApplicationSupport[1].msi|>AppleApplicationSupport.cab|>AppleApplicationSupport_ColorSync.resources_Profiles_ISOuncoatedsb.icc Error 42127 {CAB archive is corrupted.}
File C:\Users\Suzilla\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZULRDFA3\AppleApplicationSupport[1].msi|>AppleApplicationSupport.cab Error 42144 {OLE archive is corrupted.}
File C:\Users\Suzilla\AppData\Local\Microsoft\Windows\Temporary Internet Files\Exent\DACC\9cfa985c-c67e-4881-9a73-877fc1bf38f8|>\data2.cab Error 42127 {CAB archive is corrupted.}
File C:\Users\Suzilla\AppData\Local\Temp\15C0\temp\ContentAppend.xyz is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\FRST\Quarantine\C\Users\Suzilla\AppData\Local\Temp\mirc634.exe.xBAD|>$OUTDIR\backups\mirc.exe is infected by Win32:Mirc-Z [PUP], Moved to chest
File C:\Program Files (x86)\mIRC\mirc.exe is infected by Win32:Mirc-Z [PUP], Moved to chest
Number of searched folders: 48936
Number of tested files: 1424438
Number of infected files: 3
 
 
Copy and paste log of the boot time scan. I'm guessing things are starting to look a little better?

  • 0

#8
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Avast is happy anyway.  Let's have FRST remove the corrupt archives and the folders which had the malware.

 

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 
Any problems left that you see?
 
 

  • 0

#9
Stuzilla


    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Fixlist log 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 04
Ran by Suzilla at 2015-04-15 20:14:22 Run:2
Running from C:\Users\Suzilla\Desktop\New folder (3)
Loaded Profiles: Suzilla (Available profiles: Suzilla & Mcx1-THOR)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Suzilla\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZULRDFA3\AppleApplicationSupport[1].msi
C:\Program Files (x86)\mIRC\
C:\Users\Suzilla\AppData\Local\Microsoft\Windows\Temporary Internet Files\Exent\DACC\9cfa985c-c67e-4881-9a73-877fc1bf38f8
C:\Users\Suzilla\AppData\Local\Temp\15C0
*****************
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
C:\Users\Suzilla\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZULRDFA3\AppleApplicationSupport[1].msi => Moved successfully.
 
"C:\Program Files (x86)\mIRC" directory move:
 
Could not move "C:\Program Files (x86)\mIRC" directory. => Scheduled to move on reboot.
 
C:\Users\Suzilla\AppData\Local\Microsoft\Windows\Temporary Internet Files\Exent\DACC\9cfa985c-c67e-4881-9a73-877fc1bf38f8 => Moved successfully.
C:\Users\Suzilla\AppData\Local\Temp\15C0 => Moved successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-15 20:16:38)<=
 
C:\Program Files (x86)\mIRC => Is moved successfully.
 
==== End of Fixlog 20:16:38 ====
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by Suzilla (administrator) on THOR on 15-04-2015 20:21:09
Running from C:\Users\Suzilla\Desktop\New folder (3)
Loaded Profiles: Suzilla (Available profiles: Suzilla & Mcx1-THOR)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\SysWOW64\ASGT.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(NVIDIA Corporation) C:\Users\Suzilla\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Flux Software LLC) C:\Users\Suzilla\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\Suzilla\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avBugReport.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-14] (Avast Software s.r.o.)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [Google Update] => C:\Users\Suzilla\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-09] (Valve Corporation)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [F.lux] => C:\Users\Suzilla\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [Spotify Web Helper] => C:\Users\Suzilla\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-09] (Spotify Ltd)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [uTorrent] => C:\Users\Suzilla\AppData\Roaming\uTorrent\uTorrent.exe [1742928 2015-03-04] (BitTorrent Inc.)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31683168 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Run: [Spotify] => C:\Users\Suzilla\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-09] (Spotify Ltd)
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\MountPoints2: {f6352834-ed89-11e3-a910-6c626d6b7a39} - J:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\Flux.scr [286720 2010-06-24] ()
Startup: C:\Users\Suzilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GarageBand.lnk
ShortcutTarget: GarageBand.lnk -> C:\ProgramData\{2f2f7393-7e90-1937-2f2f-f73937e9ce4d}\GarageBand.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3414432899-1644431961-3641730241-1000 -> {F89009D2-2A23-4629-955A-BE81FE6815E0} URL = http://uk.search.yah...p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-14] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: No Name -> {29AAADC9-DA30-4264-BCC4-D447F7146FC1} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-14] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3414432899-1644431961-3641730241-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Suzilla\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-3414432899-1644431961-3641730241-1000: @talk.google.com/O1DPlugin -> C:\Users\Suzilla\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-3414432899-1644431961-3641730241-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Suzilla\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3414432899-1644431961-3641730241-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Suzilla\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Suzilla\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Suzilla\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-14]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> google.co.uk
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Google Cast) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-10-23]
CHR Extension: (Google Search) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (Radioplayer) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch [2014-07-28]
CHR Extension: (Hate Me Theme) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjphappdihjiebpjehhopffddlpihaep [2011-09-29]
CHR Extension: (AdBlock) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-14]
CHR Extension: (Google Wallet) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Suzilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-14]
StartMenuInternet: Google Chrome - C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-14] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-04-14] (Avast Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-04-02] (Nero AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-17] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-14] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-14] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-14] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-14] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-14] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-14] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 NETMD760; C:\Windows\System32\Drivers\NETMD760.sys [19456 2012-03-28] (Sony Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 StMp3Recx64; C:\Windows\System32\Drivers\StMp3Recx64.sys [26112 2007-01-12] (Generic)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-14] (Avast Software)
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [260608 2012-02-27] (Jungo)
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-14 20:38 - 2015-04-14 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-14 20:37 - 2015-04-14 20:38 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-14 20:37 - 2015-04-14 20:38 - 00000000 ____D () C:\Program Files\iTunes
2015-04-14 20:37 - 2015-04-14 20:37 - 00000000 ____D () C:\Program Files\iPod
2015-04-14 20:37 - 2015-04-14 20:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-14 20:16 - 2015-04-14 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-04-14 20:16 - 2015-04-14 20:16 - 00000000 ____D () C:\Program Files\7-Zip
2015-04-14 20:12 - 2015-04-14 20:13 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-04-14 20:12 - 2015-04-14 20:13 - 00000000 ____D () C:\Windows\system32\vbox
2015-04-14 20:12 - 2015-04-14 20:12 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\AVAST Software
2015-04-14 20:11 - 2015-04-14 20:11 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-14 20:11 - 2015-04-14 20:11 - 00001922 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-14 20:11 - 2015-04-14 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-14 20:10 - 2015-04-14 20:10 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-14 20:10 - 2015-04-14 20:10 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-14 20:10 - 2015-04-14 20:10 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-14 20:10 - 2015-04-14 20:10 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-14 20:10 - 2015-04-14 20:10 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-14 20:10 - 2015-04-14 20:10 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-14 20:10 - 2015-04-14 20:10 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-14 20:10 - 2015-04-14 20:10 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-14 20:10 - 2015-04-14 20:10 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-14 20:10 - 2015-04-14 20:10 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-14 20:09 - 2015-04-14 20:09 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-14 20:07 - 2015-04-14 20:08 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-14 18:21 - 2015-04-14 18:24 - 00001540 _____ () C:\VEW.txt
2015-04-14 02:50 - 2015-04-14 03:17 - 00000020 _____ () C:\Users\Suzilla\AppData\Roaming\appdataFr3.bin
2015-04-14 02:49 - 2015-04-15 20:21 - 00000000 ____D () C:\FRST
2015-04-14 02:48 - 2015-04-15 20:21 - 00000000 ____D () C:\Users\Suzilla\Desktop\New folder (3)
2015-04-07 23:31 - 2015-04-07 23:31 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\Mozilla
2015-04-06 15:12 - 2015-04-14 03:07 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3414432899-1644431961-3641730241-1000
2015-04-06 15:11 - 2015-04-14 03:07 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3414432899-1644431961-3641730241-1000
2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-31 21:05 - 2015-03-31 21:05 - 00000000 ____D () C:\Users\Suzilla\Desktop\Vapour ecigs
2015-03-31 21:04 - 2015-03-31 21:04 - 00043101 _____ () C:\Users\Suzilla\Documents\Untitled Project.prproj
2015-03-31 21:04 - 2015-03-31 21:04 - 00000000 ____D () C:\Users\Suzilla\Documents\Adobe Premiere Pro Preview Files
2015-03-30 16:14 - 2015-04-14 11:21 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-30 16:13 - 2015-03-30 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-30 16:13 - 2015-03-30 16:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-30 16:13 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-30 16:13 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-29 17:31 - 2015-03-31 21:14 - 17310144 _____ () C:\Users\Suzilla\Desktop\DSCF1379.AVI
2015-03-29 17:13 - 2015-03-29 17:16 - 00000000 ____D () C:\Users\Suzilla\Desktop\New folder (2)
2015-03-21 01:44 - 2015-03-21 01:44 - 00104996 _____ () C:\Users\Suzilla\Documents\Untitled Project.aep
2015-03-20 23:49 - 2015-03-13 16:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-20 23:47 - 2015-03-13 20:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-20 23:47 - 2015-03-13 20:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-03-20 23:47 - 2015-03-13 20:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-20 23:47 - 2015-03-13 20:41 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-03-20 23:46 - 2015-03-13 20:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-20 23:46 - 2015-03-13 20:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-20 23:46 - 2015-03-13 20:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-20 23:46 - 2015-03-13 20:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-20 23:46 - 2015-03-13 20:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-20 23:46 - 2015-03-13 20:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-20 23:46 - 2015-03-13 20:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-17 00:51 - 2015-03-17 00:51 - 04620764 _____ () C:\Users\Suzilla\Documents\ejuicemeup.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-15 20:20 - 2011-11-07 04:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2015-04-15 20:20 - 2011-09-30 04:23 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\Skype
2015-04-15 20:19 - 2012-02-29 11:58 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\Spotify
2015-04-15 20:19 - 2011-09-30 20:46 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\uTorrent
2015-04-15 20:18 - 2014-06-07 18:19 - 00000000 ____D () C:\Users\Suzilla\AppData\Local\HTC MediaHub
2015-04-15 20:18 - 2012-02-29 11:58 - 00000000 ____D () C:\Users\Suzilla\AppData\Local\Spotify
2015-04-15 20:17 - 2013-12-06 17:14 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-15 20:16 - 2009-07-14 05:51 - 00028448 _____ () C:\Windows\setupact.log
2015-04-15 20:15 - 2011-10-02 14:13 - 00235762 _____ () C:\Windows\PFRO.log
2015-04-15 20:15 - 2011-10-01 03:00 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-04-15 20:15 - 2011-09-29 17:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-15 20:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 20:14 - 2011-09-29 16:06 - 01900503 _____ () C:\Windows\WindowsUpdate.log
2015-04-15 20:12 - 2012-05-06 01:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-15 20:02 - 2013-12-06 17:14 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-15 19:30 - 2011-09-29 17:42 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3414432899-1644431961-3641730241-1000UA.job
2015-04-15 19:10 - 2011-11-07 04:03 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\NoNameScript
2015-04-15 06:30 - 2011-09-29 17:42 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3414432899-1644431961-3641730241-1000Core.job
2015-04-15 04:17 - 2009-07-14 05:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 04:17 - 2009-07-14 05:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-14 22:12 - 2012-05-06 01:02 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 22:12 - 2012-05-06 01:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 22:12 - 2011-09-30 10:51 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 20:38 - 2012-09-16 21:34 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-14 20:37 - 2011-09-30 03:47 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-14 20:23 - 2013-06-01 22:14 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-14 20:23 - 2013-06-01 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-04-14 20:20 - 2011-12-04 05:09 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-04-14 20:18 - 2011-10-28 12:31 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-14 19:59 - 2011-09-29 17:49 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-04-14 18:05 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-14 17:51 - 2011-10-28 14:21 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\Real
2015-04-14 17:51 - 2011-10-28 14:21 - 00000000 ____D () C:\ProgramData\Real
2015-04-14 17:51 - 2011-10-28 14:21 - 00000000 ____D () C:\Program Files (x86)\Real
2015-04-14 17:50 - 2011-09-29 16:18 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-14 03:11 - 2011-09-30 04:23 - 00000000 ____D () C:\ProgramData\Skype
2015-04-14 03:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2015-04-14 02:30 - 2011-09-30 03:44 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-12 18:02 - 2011-10-02 20:36 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\vlc
2015-04-12 03:43 - 2011-10-02 13:24 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-04-12 03:42 - 2014-09-29 03:53 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\TS3Client
2015-04-09 18:09 - 2012-02-29 11:58 - 00001811 _____ () C:\Users\Suzilla\Desktop\Spotify.lnk
2015-04-09 18:09 - 2012-02-29 11:58 - 00001797 _____ () C:\Users\Suzilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-08 18:07 - 2015-03-04 19:08 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3414432899-1644431961-3641730241-1000
2015-04-08 18:07 - 2015-03-04 19:07 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3414432899-1644431961-3641730241-1000
2015-04-06 16:38 - 2011-10-28 12:27 - 00000000 ____D () C:\Users\Suzilla\AppData\Local\Adobe
2015-04-02 22:31 - 2011-09-29 17:48 - 00002374 _____ () C:\Users\Suzilla\Desktop\Google Chrome.lnk
2015-03-31 20:52 - 2014-08-08 02:40 - 00000000 ____D () C:\Users\Suzilla\Downloads\vapourecigs
2015-03-30 16:30 - 2011-10-28 12:44 - 00000000 ____D () C:\Users\Suzilla\Documents\Adobe
2015-03-30 16:13 - 2012-02-07 00:02 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-30 16:13 - 2012-02-07 00:02 - 00000000 ____D () C:\Users\Suzilla\AppData\Roaming\Malwarebytes
2015-03-30 16:13 - 2012-02-07 00:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-20 23:50 - 2014-06-07 02:01 - 00000000 ____D () C:\Temp
2015-03-20 23:50 - 2012-05-28 01:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-20 23:48 - 2011-09-29 17:31 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-17 00:52 - 2014-07-08 13:17 - 00002785 _____ () C:\Users\Public\Desktop\eJuice Me Up.lnk
 
==================== Files in the root of some directories =======
 
2011-10-28 18:03 - 2011-10-28 18:20 - 0000132 _____ () C:\Users\Suzilla\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-04-14 02:50 - 2015-04-14 03:17 - 0000020 _____ () C:\Users\Suzilla\AppData\Roaming\appdataFr3.bin
2011-10-28 15:37 - 2012-05-03 20:35 - 0001456 _____ () C:\Users\Suzilla\AppData\Local\Adobe Save for Web 12.0 Prefs
2011-10-28 21:25 - 2014-02-07 16:08 - 0005120 _____ () C:\Users\Suzilla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-09 01:49 - 2014-01-02 20:41 - 0007597 _____ () C:\Users\Suzilla\AppData\Local\Resmon.ResmonCfg
2015-03-30 16:20 - 2015-03-30 16:21 - 0011878 _____ () C:\Users\Suzilla\AppData\Local\Temp-log.txt
 
Some content of TEMP:
====================
C:\Users\Suzilla\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Suzilla\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Suzilla\AppData\Local\Temp\sfextra.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-14 03:59
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 04
Ran by Suzilla at 2015-04-15 20:23:18
Running from C:\Users\Suzilla\Desktop\New folder (3)
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.9.2 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.4.9.2 - ASUSTek COMPUTER INC.) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version:  - WB Games Montreal)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eJuice Me Up (HKLM-x32\...\{399E77D0-5CEC-41CE-AC95-179E2A0B1893}) (Version: 15.3 - Breaktru Software)
eJuice Me Up (HKLM-x32\...\{7C162270-CA72-441F-8349-B0773B97586C}) (Version: 14.1 - Breaktru Software)
f.lux (HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Flux) (Version:  - )
Google Chrome (HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.11.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.13.0 - HTC)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lego Harry Potter (HKLM-x32\...\Steam App 21130) (Version:  - TT Games)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 6.34 - mIRC Co. Ltd.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
NNScript (HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\NoNameScript) (Version: 4.22 - ESNation)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{24B89186-2A56-4D28-B930-6F4FCF224E2F}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Really Slick Screensavers 0.2 (HKLM-x32\...\ReallySlickScreensavers) (Version:  - )
RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version:  - Frontier)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.32.1010 - Electronic Arts Inc.)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WallButtress (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{6247f917}) (Version:  - Software Publisher) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
07-04-2015 15:18:20 Windows Update
11-04-2015 15:18:14 Windows Update
14-04-2015 17:49:09 Removed JavaFX 2.1.1
14-04-2015 17:50:01 Removed Java 8 Update 31
14-04-2015 17:53:11 Removed YiHi SXi
14-04-2015 18:11:21 Windows Update
14-04-2015 20:08:53 avast! antivirus system restore point
14-04-2015 20:28:10 Installed iTunes
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2011-10-28 12:44 - 00001451 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0121BB15-D876-4730-9DED-557F6DF4DB60} - System32\Tasks\{85BB894E-3910-4BAB-AACC-6F00CBB56258} => pcalua.exe -a C:\Users\Suzilla\Downloads\vapourecigs\Pearl2004_v1.2.exe -d C:\Users\Suzilla\Downloads\vapourecigs
Task: {1E75A8DF-BC30-43F9-8B18-F2B331C58994} - System32\Tasks\{DD36AC0E-DDD7-4892-9AAC-D471F9C9593B} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {2506C7A2-24EF-4A2F-A42E-36A8E0948E08} - System32\Tasks\{77F36B00-94D8-4DD9-BE6B-5632F7121898} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {329D8603-EE24-449A-8D0A-336C26E31B84} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {346D8F0A-661E-4C5F-A217-2569813E2055} - System32\Tasks\{E8605B7F-C63F-4C6B-A628-10A7AABEC785} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {34948D95-6B02-4E49-AFFC-D1D7C646E400} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3414432899-1644431961-3641730241-1000Core => C:\Users\Suzilla\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {378B3E66-D8A7-4324-A93D-CB33A5B0F9D3} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {3B7A4E33-A5B6-4584-B485-941F90DDBDC5} - System32\Tasks\{43D6963B-FA1E-4EE4-85D1-E347366DC8C5} => C:\Program Files (x86)\Origin Games\The Sims 3\Game\Bin\Sims3Launcher.exe
Task: {3D537326-9FC2-4AA2-A0CA-12BD9D725798} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06] (Google Inc.)
Task: {40848F1B-CFF4-493D-9A4E-9C829C6CCBEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06] (Google Inc.)
Task: {43687A07-B2B7-4BD2-B811-32A7A4F46484} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3414432899-1644431961-3641730241-1000UA => C:\Users\Suzilla\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {6A1739BB-F1B5-4132-9770-E8C31D6CF77B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3414432899-1644431961-3641730241-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6DF0D315-CE47-4A45-800D-E3BFE7A48CA2} - System32\Tasks\{D685DCD5-7B27-4A90-BB0A-707D40141936} => pcalua.exe -a C:\Users\Suzilla\Downloads\PA_DRIVER-V.EXE -d C:\Users\Suzilla\Downloads
Task: {7618E86F-0142-4E33-B2AD-F8ED93418689} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3414432899-1644431961-3641730241-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {788641D7-B16D-49A4-AFFC-F9CFFA993837} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-THOR => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {84434BB8-75B7-4C53-9FD7-92D6B94B905C} - System32\Tasks\{F19669BA-3BB4-473D-AD0D-F34E112DB9C4} => C:\Program Files (x86)\MSI\Live Update 5\StartControlCenter.exe
Task: {86AE5BE2-B5C7-435C-8541-A383AE87F95F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {8EB8AD11-344D-4E4E-A832-AE084F6A8043} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3414432899-1644431961-3641730241-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {960B9585-8B65-4491-9475-94AC76E41058} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-14] (Avast Software s.r.o.)
Task: {96FBD20D-EC3D-46D4-AC11-217F1DFC2041} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3414432899-1644431961-3641730241-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {98BA4B2D-15E3-48FD-A561-89B6961AEE0E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {9CF3ED2B-B557-4789-91A4-CA898492D847} - System32\Tasks\{94890C69-3B7C-425E-9E8F-D06499D26B44} => pcalua.exe -a C:\Users\Suzilla\Downloads\nnscript422.exe -d C:\Users\Suzilla\Downloads
Task: {AAA8E07C-CF3A-467A-B1A1-4079588F7854} - System32\Tasks\{144360E6-9329-4C1F-8FB4-3AD8905FE8C4} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/91900
Task: {BA4AD5C9-063C-4306-B950-1A945E65AC99} - System32\Tasks\{09A7401A-A116-454E-96B7-A106EFFA97BE} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {BF314498-D87E-4E52-B74D-C40E3816A4BD} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3414432899-1644431961-3641730241-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {C3F82A5D-B881-4352-BBF5-CA182AD85231} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CBD78E4B-52C9-4AE4-BADC-F052A1A67C94} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3414432899-1644431961-3641730241-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {CDE4D9AD-B07E-4934-B7DC-39F6B3167C34} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {DDAFF6A6-FBC3-43FD-A9DC-3C910AFC7E2C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3414432899-1644431961-3641730241-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E422569A-4F9C-47BA-ABA5-BE624BE755F1} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {E9F37742-3605-4F17-AC50-242294A5943D} - System32\Tasks\{87CB8583-6398-46FB-9640-06CAFE582889} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {EB7E3AAB-3C56-4BA5-B578-E15D1E9D46A0} - System32\Tasks\{45343C14-E505-472C-96B3-28E2278AFF5D} => pcalua.exe -a C:\Users\Suzilla\Downloads\vapourecigs\Pearl2004Sim_v1.exe -d C:\Users\Suzilla\Downloads\vapourecigs
Task: {F35A6AE4-DCB5-41AC-9E3A-EA82DFF34405} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {F393B723-628D-4522-A648-61E4BDFD423A} - System32\Tasks\{315DF5FA-9DE8-429F-AB5B-C1DCABDF4806} => C:\Program Files (x86)\Steam\steamapps\common\silent hill homecoming\Bin\SilentHill.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3414432899-1644431961-3641730241-1000Core.job => C:\Users\Suzilla\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3414432899-1644431961-3641730241-1000UA.job => C:\Users\Suzilla\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-22 15:59 - 2015-03-13 17:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-17 12:24 - 2012-01-17 12:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-05-27 12:33 - 2014-05-27 12:33 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2015-04-14 20:10 - 2015-04-14 20:10 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-14 20:10 - 2015-04-14 20:10 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-15 20:11 - 2015-04-15 20:11 - 02925568 _____ () C:\Program Files\AVAST Software\Avast\defs\15041501\algo.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-05-27 12:33 - 2014-05-27 12:33 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-05-27 12:33 - 2014-05-27 12:33 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-05-27 12:34 - 2014-05-27 12:34 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-05-27 12:35 - 2014-05-27 12:35 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2015-04-14 20:10 - 2015-04-14 20:10 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-04-02 22:31 - 2015-03-30 22:07 - 01174856 _____ () C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-02 22:31 - 2015-03-30 22:07 - 00080200 _____ () C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-02 22:31 - 2015-03-30 22:07 - 09279304 _____ () C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-02 22:31 - 2015-03-30 22:07 - 14974280 _____ () C:\Users\Suzilla\AppData\Local\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Suzilla\AppData\Local\Temporary Internet Files:0B9nRPW4muMzB3ZVc4gHRn
AlternateDataStreams: C:\Users\Suzilla\AppData\Local\Temporary Internet Files:8Ewh3o6tRnsYbNRTRk4gYwd9
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3414432899-1644431961-3641730241-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Suzilla\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3414432899-1644431961-3641730241-500 - Administrator - Disabled)
Guest (S-1-5-21-3414432899-1644431961-3641730241-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3414432899-1644431961-3641730241-1008 - Limited - Enabled)
Mcx1-THOR (S-1-5-21-3414432899-1644431961-3641730241-1013 - Limited - Enabled) => C:\Users\Mcx1-THOR
Suzilla (S-1-5-21-3414432899-1644431961-3641730241-1000 - Administrator - Enabled) => C:\Users\Suzilla
 
==================== Faulty Device Manager Devices =============
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Marvell 91xx Config ATA Device
Description: Marvell 91xx Config ATA Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/14/2015 08:28:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary mezotcin.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/14/2015 08:14:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary mezotcin.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/14/2015 08:13:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary mezotcin.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/14/2015 08:09:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary mezotcin.
 
System Error:
The system cannot find the file specified.
.
 
 
System errors:
=============
Error: (04/15/2015 08:19:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (04/14/2015 06:09:54 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (04/14/2015 06:08:43 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (04/14/2015 05:58:54 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (04/14/2015 05:58:54 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%8604.7.0205.0%%886%%8920x80070005Access is denied. 9
 
 
Microsoft Office Sessions:
=========================
Error: (04/14/2015 08:28:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary mezotcin.
 
System Error:
The system cannot find the file specified.
 
Error: (04/14/2015 08:14:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary mezotcin.
 
System Error:
The system cannot find the file specified.
 
Error: (04/14/2015 08:13:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary mezotcin.
 
System Error:
The system cannot find the file specified.
 
Error: (04/14/2015 08:09:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary mezotcin.
 
System Error:
The system cannot find the file specified.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 51%
Total physical RAM: 8183.11 MB
Available physical RAM: 3968.43 MB
Total Pagefile: 16364.41 MB
Available Pagefile: 11795.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.79 GB) (Free:41.86 GB) NTFS
Drive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: (Mass Storage) (Fixed) (Total:931.41 GB) (Free:153.57 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B6C637CC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0B548A72)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
The only problem so far is that I gotta reinstall my IRC client >.< (but that's better than having malware all up in my computer)
 

  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Sorry about your IRC client.  Apparently Avast didn't like it.

 

I am concerned about:

 

Details:
AddLegacyDriverFiles: Unable to back up image of binary mezotcin.
 
This seems to be a driver that doesn't want to be played with and it has a random name which is suspicious.
 
Copy the following 3 lines
 
cd \
dir /a /s mezotcin > \junk.txt
notepad \junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied lines should appear.
The second line will take a few minutes to finish. Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

  • 0

#11
Stuzilla

Stuzilla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
here you go 
 
 Volume in drive C has no label.
 Volume Serial Number is 304D-763E

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Didn't find it.  Let's try:

cd \
dir /a /s mezotcin.sys > \junk.txt
notepad \junk.txt

since it's supposed to be a driver.


  • 0

#13
Stuzilla

Stuzilla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
 Volume in drive C has no label.
 Volume Serial Number is 304D-763E
 
 
same again

  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

I don't suppose Windows' regular search box will find anything, but give it a try and type in

mezotcin


  • 0

#15
Stuzilla

Stuzilla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

It only shows up in the Addition.txt file I sent you the original log from. Is it worth running a second boot scan?


  • 0
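
Both file searches in the thread come back empty, and the CAPI2 error itself reports that the file cannot be found, so the remaining place to look is the driver's registration rather than the disk. The Python script below is an added example, not part of the original posts and not something the helper ran: it lists driver services whose registered binary is missing, assuming the name in the error belongs to a service key under HKLM\SYSTEM\CurrentControlSet\Services. The sample rows, including the values shown for mezotcin, are constructed.

```python
import ntpath
import os
from contextlib import suppress

DRIVER_TYPES = {1, 2}  # SERVICE_KERNEL_DRIVER, SERVICE_FILE_SYSTEM_DRIVER
SYSTEM_ROOT = os.environ.get("SystemRoot", r"C:\Windows")
# Constructed rows (name, Type, ImagePath). The thread shows no registry entry
# for mezotcin, so the values on its row are placeholders.
SAMPLE = [
    ("mezotcin", 1, r"\??\C:\Windows\system32\drivers\mezotcin.sys"),
    ("Ntfs", 2, None),
    ("Spooler", 16, r"%SystemRoot%\System32\spoolsv.exe"),
]


def resolve_image_path(name, image_path, system_root=SYSTEM_ROOT):
    """Map a driver's ImagePath registry value to an absolute file path."""
    if not image_path:  # a driver with no ImagePath loads from the default folder
        return ntpath.join(system_root, "System32", "drivers", name + ".sys")
    path = image_path.strip().strip('"')
    low = path.lower()
    if low.startswith("\\??\\"):  # NT object-manager prefix
        return path[4:]
    for prefix in ("\\systemroot\\", "%systemroot%\\"):
        if low.startswith(prefix):
            return ntpath.join(system_root, path[len(prefix):])
    if not ntpath.isabs(path):  # relative form, e.g. system32\drivers\x.sys
        return ntpath.join(system_root, path)
    return path


def find_orphans(services, exists=os.path.exists, system_root=SYSTEM_ROOT):
    """Return (name, path) for each driver service whose file is missing."""
    pairs = [(name, resolve_image_path(name, image, system_root))
             for name, svc_type, image in services if svc_type in DRIVER_TYPES]
    return [(name, path) for name, path in pairs if not exists(path)]


def read_driver_services():
    """Read (name, Type, ImagePath) from each readable service key (live system)."""
    import winreg  # Windows-only standard library module
    rows = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services") as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            name = winreg.EnumKey(root, i)
            with suppress(OSError), winreg.OpenKey(root, name) as key:
                svc_type = winreg.QueryValueEx(key, "Type")[0]
                image = None
                with suppress(FileNotFoundError):
                    image = winreg.QueryValueEx(key, "ImagePath")[0]
                rows.append((name, svc_type, image))
    return rows


if __name__ == "__main__":
    live = os.name == "nt"  # elsewhere: demo on SAMPLE, only Ntfs.sys "on disk"
    exists = os.path.exists if live else (lambda p: p.lower().endswith("ntfs.sys"))
    for name, path in find_orphans(read_driver_services() if live else SAMPLE, exists):
        print(f"{name}: registered as a driver, file not found: {path}")
```

On 64-bit Windows, run it with a 64-bit Python so that System32 paths are not redirected to SysWOW64. A hit only shows that a registration has no file behind it; it does not say what created the entry.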





